Several Siemens Devices Affected by Intel MDS Vulnerabilities
Siemens informed customers on Tuesday that several of its products are affected by the Microarchitectural Data Sampling (MDS) vulnerabilities impacting a majority of the Intel processors made in the last decade.
The vulnerabilities, discovered by researchers at Intel and other organizations, have been named ZombieLoad, RIDL (Rogue In-Flight Data Load), Fallout, and Store-to-Leak Forwarding, and they have been assigned the CVE identifiers CVE-2018-12130, CVE-2018-12126, CVE-2018-12127 and CVE-2018-11091.
The flaws are related to speculative execution and they allow attacks against both PCs and cloud environments. Exploitation of the vulnerabilities can result in applications, operating systems, virtual machines and trusted execution environments leaking information, including passwords, website content, disk encryption keys and browser history.
Attacks can be launched both by a piece of malware present on the targeted system and from the internet, but Intel says real-world attacks are not easy to carry out and even if the exploit is successful the attacker may not obtain any valuable information.
One of the advisories published by Siemens as part of its July 2019 Patch Tuesday updates reveals that the vulnerabilities impact some of its SIMATIC Field PG programming devices, SIMATIC Industrial PCs, SIMOTION motion control systems, SINUMERIK CNC automation solutions and their PCU and TCU human-machine interfaces (HMIs), and SIMATIC S7-1500 MFP CPUs.
Siemens has released BIOS updates that address the vulnerabilities for several Industrial PC devices, but the company has highlighted that customers also need to install operating system patches and possibly implement other mitigations — depending on the operating system — in order to completely eliminate the risk of attacks.
For the other products, Siemens recommends taking steps to ensure that untrusted code cannot be executed on the impacted devices — this is a requirement for an attack — including by applying its Defense-in-Depth concept for industrial systems.
Siemens published five other new security advisories on Tuesday, including for a high-severity code upload vulnerability in SIMATIC WinCC and PCS7 products, medium-severity flaws related to TLS in SIMATIC RF6XXR, a high-severity authentication issue in the TIA Portal, an XSS vulnerability in Spectrum Power, and high-severity DoS and file upload/download flaws in SIPROTEC 5 relays and their engineering software DIGSI 5.
Schneider Electric has also published some new advisories on Tuesday. They describe vulnerabilities in Modicon controllers, its Interactive Graphical SCADA System, and Zelio Soft 2. Schneider released an advisory for the MDS vulnerabilities shortly after their disclosure by Intel, but the company has yet to say if its products are impacted.