Rewterz Threat Advisory – CVE-2019-10953 – PLC Cycle Time Influences Resource Consumption Vulnerability

Severity

High

Analysis Summary

Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Impact

Uncontrolled Resource Consumption

Affected Vendors

• ABB
• Phoenix Contact
• Schneider Electric
• Siemens
• WAGO

Affected Products

• Programmable Logic Controllers
• ABB 1SAP120600R0071 PM554-TP-ETH
• Phoenix Contact 2700974 ILC 151 ETH
• Schneider Modicon M221
• Siemens 6ES7211-1AE40-0XB0 Simatic S7-1211
• Siemens 6ES7314-6EH04-0AB0 Simatic S7-314
• Siemens 6ED1052-1CC01-0BA8 Logo! 8
• WAGO 750-889 Controller KNX IP
• WAGO 750-8100 Controller PFC100
• WAGO 750-880 Controller ETH
• WAGO 750-831 Controller BACnet/IP

Remediation

PHOENIX CONTACT

Phoenix Contact acknowledges this as a “known, won’t fix” issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality.

https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info

/ah_en_industrial_security_107913_en_01.pdf

ABB

ABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog,

SIEMENS

Siemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs.

WAGO

WAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.

SCHNEIDER ELECTRIC

Fixes are available in the Modicon M221 firmware v1.10.0.0 and the EcoStruxure Machine Expert – Basic v1.0 software (formerly SoMachine Basic) using either of the following options:

https://www.schneider-electric.com/en/download/document/Machine_Expert_Basic