Siemens Industrial Products

Siemens released patches for 38 of its industrial control products to address a critical remote code execution vulnerability, CVE-2017-5689, present in Intel Active Management Technology. Successful exploitation could allow a remote threat actor to execute code and gain system privileges to Intel manageability SKUs. Affected products include SIMATIC industrial PCs, SINUMERIK control panels, and SIMOTION P320 PCs. Siemens released firmware updates to address this vulnerability; however, they encouraged organizations to set AMT to “un-configured” in the BIOS and set protections for the following ports: 16992/TCP, 16993/TCP, 16994/TCP, 16995/ TCP, 623/TCP, and 664/TCP. The NJCCIC recommends all administrators review the Siemens Security Advisory for a full list of affected products and additional vulnerability information, immediately implement the mitigations provided by Siemens, and apply the necessary updates as they become available. Additionally, Siemens released a separate advisory addressing a vulnerability in ViewPort for Web Office Portal that could allow an unauthenticated remote threat actor access to the web server on port 443/TCP or port 80/TCP to execute arbitrary code. The NJCCIC recommends administrators review the Siemens Security Advisory and apply the necessary update or implement the provided mitigations until patches can be applied.