The flaws are old, but the company has been given time to address them

Jan 10, 2012 11:13 GMT

Buffer overflow and data corruption vulnerabilities were discovered by Kuang-Chun Hung, a researcher at Taiwan’s Information and Communication Security Technology Center (ICST), in Siemens’ Tecnomatix FactoryLink, a supervisory control application used to build human-machine interface (HMI) systems.

The flaws sit in ActiveX components shipped with the software and could allow an attacker to execute code remotely or to crash the vulnerable process in a denial of service (DoS) attack.

Although the security holes were reported some time ago, ICS-CERT, the control-systems arm of US-CERT, held the advisory until now so that Siemens had time to fix the issues before they were made public.

The affected versions are V8.0.2.54, V7.5.217 (V7.5 SP2) and V6.6.1 (V6.6 SP1). ICS-CERT advises operators to evaluate the impact of these vulnerabilities based on their specific architecture, product implementation and operational environment.

The buffer overflow weakness could allow an attacker to execute arbitrary code, but it is not directly reachable over the network: the vulnerable ActiveX control has to be instantiated by a web page, so the attacker needs to convince a user of a machine where FactoryLink is installed to open a malicious site in Internet Explorer. Any code that runs does so with the privileges of that logged-on user.

The same kind of social engineering is needed to exploit the data corruption vulnerability, which would let an attacker write a file to any location of the attacker's choosing on the targeted system.

For the time being, no public exploits are known to target these specific vulnerabilities, but Siemens has released a patch so that customers are not left exposed.

In addition, in August 2011, Microsoft released a new set of ActiveX kill bits that cover the vulnerable controls. A kill bit is a per-control registry flag that tells Internet Explorer never to load the control identified by a given CLSID, so even a system that has not yet received the Siemens patch is protected against the browser-based attack vector as long as the Microsoft update is installed.
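As an added example, not part of the original article nor code from Siemens, Microsoft or ICS-CERT, the PowerShell below checks whether a kill bit is actually in effect for a control, and offers a function to set one by hand on a machine that has not received the Microsoft update. It relies on a documented mechanism: the 0x400 bit of the Compatibility Flags DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, plus the Wow6432Node copy that 32-bit Internet Explorer reads on 64-bit Windows. The CLSID shown is a placeholder; the article does not give the FactoryLink control's CLSID, so substitute the value from the vendor advisory before using Set-ActiveXKillBit.

```powershell
# Added example: verify or set an ActiveX kill bit for a given CLSID.
# A kill bit is bit 0x400 of the 'Compatibility Flags' DWORD under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# On 64-bit Windows, 32-bit IE reads the Wow6432Node copy of that key as well,
# so both locations are checked. Setting the bit requires an elevated session.

$KillBit = 0x400
# Placeholder CLSID (assumption) - NOT the real FactoryLink control identifier.
$ExampleClsid = '{00000000-0000-0000-0000-000000000000}'

function Get-ActiveXCompatKeys {
    # Returns every registry key IE consults for this CLSID on the current OS.
    param([Parameter(Mandatory)][string]$Clsid)
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    if ([Environment]::Is64BitOperatingSystem) {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    return $paths
}

function Test-ActiveXKillBit {
    # $true only if the kill bit is set in every applicable key; a missing key
    # or missing value means IE will still instantiate the control from that view.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($key in Get-ActiveXCompatKeys -Clsid $Clsid) {
        if (-not (Test-Path $key)) { return $false }
        $item = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $false }
        if (($item.'Compatibility Flags' -band $KillBit) -eq 0) { return $false }
    }
    return $true
}

function Set-ActiveXKillBit {
    # OR the kill bit into the existing flags so other compatibility bits survive.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($key in Get-ActiveXCompatKeys -Clsid $Clsid) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
    }
}

# Report only; call Set-ActiveXKillBit once you have the real CLSID.
if (Test-ActiveXKillBit -Clsid $ExampleClsid) {
    Write-Output "Kill bit is set for $ExampleClsid"
} else {
    Write-Output "Kill bit is NOT set for $ExampleClsid"
}
```

Checking both registry views matters in practice: a kill bit written only to the 64-bit key leaves 32-bit Internet Explorer, which is what most ActiveX controls of that era are loaded in, free to instantiate the control.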

ICS-CERT advises Siemens Tecnomatix FactoryLink customers to deploy the patches, but also to take the usual defensive measures to shield their control system infrastructure from attack.

These measures include minimizing network exposure for all control system devices, placing control system networks and remote devices behind firewalls and isolating them from the business network, and using secure methods such as Virtual Private Networks (VPNs) when remote access is required, bearing in mind that a VPN is only as secure as the devices connected to it.