Siemens Siclock: How do threat actors exploit these devices?

Siemens AG Siclock central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated critical. What are these Siemens Siclock flaws and how can they be exploited?

German manufacturer and tech giant Siemens recently disclosed six vulnerabilities — three classified as critical — that were found in its Siclock central plant clock systems. These systems are used to synchronize all the components of industrial control systems that automate industrial processes.

The flaws affected the Siemens Siclock TC100 and TC400 product lines; however, those products are being discontinued, so Siemens did not release patches for the newly found vulnerabilities.

The most serious vulnerability, tracked as CVE-2018-4853, enables an attacker with network access to UDP port 69 to modify the device’s firmware and run arbitrary code on the device with no user interaction required. This vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 9.8 out of 10.

Another vulnerability, tracked as CVE-2018-4854 and with a CVSS rating of 9.6, enables a different attack through UDP port 69 in which a threat actor can modify the system’s administrative client. If a legitimate user downloads the malicious client, the system can be compromised.

The third critical vulnerability, tracked as CVE-2018-4851 and with a CVSS rating of 9.1, causes Siemens Siclock to reboot when it receives malicious packets. The resulting denial-of-service attack can disrupt operations because time synchronization can be interrupted when the devices reboot.

Siemens did not offer patches for the vulnerabilities; instead, it posted workarounds and mitigations that customers can use to reduce the risk. Siemens’ suggestions included using redundant time sources for critical plant controllers, protecting all network devices behind properly configured firewalls, implementing plausibility checks to verify that the Siemens Siclock devices are functioning correctly, and using network segmentation techniques for defense in depth.
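One way to combine the redundant time sources and plausibility checks mentioned above, shown as an added example that is not Siemens' code: the central clock is trusted only while it agrees with the median of independent references. The source names, the 0.5-second tolerance and the sample readings are assumptions constructed for illustration.

```python
from statistics import median

MAX_OFFSET_S = 0.5  # assumed tolerance in seconds; set from the plant's sync requirement

def plausibility_check(readings, primary, max_offset=MAX_OFFSET_S):
    """Judge the primary clock against independent reference sources.

    readings maps source name -> Unix time sampled at the same instant,
    or None when the source did not answer. Returns (verdict, reference).
    """
    refs = [t for name, t in readings.items() if name != primary and t is not None]
    if len(refs) < 2:
        return "insufficient_references", None   # cannot judge with fewer than two
    ref = median(refs)
    if max(refs) - min(refs) > max_offset:
        return "references_disagree", ref        # the references themselves are suspect
    t = readings.get(primary)
    if t is None:
        return "primary_unreachable", ref        # e.g. the device is rebooting
    if abs(t - ref) > max_offset:
        return "primary_implausible", ref        # wrong time served: alarm and fail over
    return "ok", ref

def time_to_use(readings, primary):
    """Use the primary clock only while it passes the check; otherwise fall back
    to the reference median (None when there are too few references)."""
    verdict, ref = plausibility_check(readings, primary)
    return readings[primary] if verdict == "ok" else ref

# Constructed sample readings (not captured from a real plant).
BASE = 1543000000.0
SAMPLES = {
    "healthy":   {"siclock": BASE + 0.02, "ref_a": BASE, "ref_b": BASE + 0.05, "ref_c": BASE + 0.01},
    "wrong":     {"siclock": BASE + 3600, "ref_a": BASE, "ref_b": BASE + 0.05, "ref_c": BASE + 0.01},
    "rebooting": {"siclock": None,        "ref_a": BASE, "ref_b": BASE + 0.05, "ref_c": BASE + 0.01},
    "one_ref":   {"siclock": BASE,        "ref_a": BASE, "ref_b": None,        "ref_c": None},
}

if __name__ == "__main__":
    for label, readings in SAMPLES.items():
        print(label, plausibility_check(readings, "siclock")[0])
```

A verdict other than "ok" is the signal to raise an alarm; an unreachable primary is worth logging with a timestamp, since repeated reboots match the denial-of-service behavior described for CVE-2018-4851.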

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
