Siemens rushes to patch IoT devices against Intel AMT flaw

Industrial control devices vulnerable to remote attack

Hacking

Siemens has issued patches to 38 of its industrial control products after it was discovered they were vulnerable to an Intel AMT flaw that could let hackers gain system privileges and run remote code.

According to an advisory published by Siemens, a flaw within several Intel chipsets found in Siemens products used in industrial control units feature Intel's Active Management Technology (AMT). These are susceptible to remote code execution vulnerability (CVE-2017-5689). 

The advisory said that a hacker could "gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT)."

Up to 38 products are affected by the bug. These include SIMATIC industrial PCs, SINUMERIK control panels and SIMOTION P320 PCs. The bug has a CVSS Base Score of 9.8.

While the company has provided a firmware update, it urged organisations to ensure that AMT is set to "un-configured" in the BIOS setup as a mitigation. It also advised protection of the following ports: 16992/TCP, 16993/TCP, 16994/TCP, 16995/TCP, 623/TCP, and 664/TCP.

"As a general security measure, Siemens strongly recommends to protect network access to the non-perimeter Industrial Products with appropriate mechanisms. It is advised to configure the environment according to our operational guidelines in order to run the products in a protected IT environment," it warned.

The firm also notified users of another bug, this time with its ViewPort for Web Office Portal. This is used by some energy companies to retrieve data from control centres.

In another advisory, it said that the flaw could enable an unauthenticated remote user could upload arbitrary code and execute it with the permissions of the operating system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

"The attacker must have network access to the web server on port 443/TCP or port 80/TCP of the affected product. Siemens recommends operating the affected product only within trusted networks," the firm said.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

Unilever adopts Google Cloud’s complex data processing for deforestation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for deforestation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020