Siemens has warned of six vulnerabilities in some of its SICLOCK central clocks, which synchronize time in industrial environments, as reported by pentest specialists from the International Institute of Cyber Security.
“In case of failure or loss of reception from the primary time source, the central clock of the plant ensures the steady continuation of the clock time and the monitoring of the system time without time jumps as soon as reception is restored”, says a statement on the Siemens website.
The vulnerabilities are tracked as CVE-2018-4851 through CVE-2018-4856; three of them are rated critical by pentest experts.
“SICLOCK TC devices are affected by multiple vulnerabilities that could allow a hacker to cause DoS, bypass authentication, and modify the device or administrative client firmware”, reads the notice issued by the company.
One of the critical vulnerabilities (CVE-2018-4851) could be exploited by attackers with network access to cause a denial-of-service (DoS) condition and potentially a device restart by sending specially crafted packets.
According to pentest specialists, exploiting this vulnerability requires no user interaction.
“An attacker with network access could cause DoS when sending certain packets to the device, causing possible clock restarts”, the security alert continues. “The main functionality of the device may be affected. The time-service functionality is retrieved once time synchronization with GPS devices is complete. The vulnerability could affect the availability of the device and could affect the integrity of the device’s time-service functionality”.
The second critical vulnerability (CVE-2018-4853) can be exploited by an attacker with access to UDP port 69 to modify the firmware on a vulnerable device.
The flaw could be exploited by an attacker to run their own code on the SICLOCK device.
The third critical problem (CVE-2018-4854) can be exploited by an attacker with access to UDP port 69 to modify the administrative client stored on the device.
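Both firmware-modification flaws above require reaching UDP port 69 (TFTP) on the clock, so a defender can watch for exactly that traffic. The following is an added example, not code from the advisory or from Siemens: it audits a constructed flow export and flags any TFTP flow to a SICLOCK device that does not come from an allowlisted engineering host. All IP addresses and the CSV format are assumptions.

```python
import csv
import io
from dataclasses import dataclass

# Constructed example values; the addresses are placeholders, not from the advisory.
SICLOCK_DEVICES = {"10.10.5.20", "10.10.5.21"}   # assumed SICLOCK TC100 / TC400 addresses
TFTP_ALLOWLIST = {"10.10.1.5"}                    # assumed engineering host permitted to push firmware
TFTP_PORT = 69                                    # UDP port named in CVE-2018-4853 / CVE-2018-4854


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    reason: str


def parse_flows(text):
    """Parse a minimal CSV flow export with columns: timestamp,src,dst,proto,dport,bytes."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_tftp(flows, devices=SICLOCK_DEVICES, allowlist=TFTP_ALLOWLIST):
    """Return an Alert for every UDP/69 flow to a SICLOCK device from a non-allowlisted source."""
    alerts = []
    for flow in flows:
        if flow["dst"] not in devices:
            continue                                   # not aimed at a clock
        if flow["proto"].upper() != "UDP" or int(flow["dport"]) != TFTP_PORT:
            continue                                   # e.g. NTP on UDP/123 is expected traffic
        if flow["src"] in allowlist:
            continue                                   # sanctioned maintenance host
        alerts.append(Alert(flow["src"], flow["dst"], "unexpected TFTP access to SICLOCK device"))
    return alerts


# Constructed sample flows: one sanctioned firmware push, one from an unknown host, two benign.
SAMPLE_FLOWS = """timestamp,src,dst,proto,dport,bytes
2018-07-10T08:00:01,10.10.1.5,10.10.5.20,UDP,69,51200
2018-07-10T08:00:05,10.10.7.33,10.10.5.20,UDP,69,48000
2018-07-10T08:00:09,10.10.7.33,10.10.5.21,UDP,123,76
2018-07-10T08:00:12,10.10.9.2,10.10.5.21,TCP,80,1200
"""

if __name__ == "__main__":
    for alert in audit_tftp(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The same allowlist logic can be expressed as a firewall rule in front of the clocks, which is the kind of interim mitigation the advisory points to when no patch is available.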
Siemens has also reported a serious vulnerability that could be exploited by an attacker to bypass the authentication process.
The other problems discovered by Siemens are medium-severity flaws that could be exploited to launch a Man-in-the-Middle (MitM) attack and intercept unencrypted passwords stored in the client configuration files, as well as low-severity flaws that attackers with access to the management interface could exploit to lock out legitimate users.
The company does not yet know the extent to which the vulnerabilities could be exploited.
The flaws affect the SICLOCK TC100 and SICLOCK TC400 devices.
Siemens has not released updates for the products because they are being phased out; the industrial giant has only provided interim solutions and mitigations to reduce the risk of attack.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.