Full Report
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available. [0] https://www.openssl.org/news/secadv/20210824.txt
Analysis Summary
# Vulnerability: OpenSSL Out-of-bounds Read in Siemens Industrial Products
## CVE Details
- **CVE ID:** CVE-2021-3711
- **CVSS Score:** 7.4 (High)
- **CWE:** CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:** Various Siemens industrial networking and automation products including RUGGEDCOM (ROX II, RM1224), SCALANCE (M-800, S615, W-700, X-200, X-300), SIMATIC (S7-1200, CP 1543-1, CP 1243), Industrial Edge connectors, and SINEMA Remote Connect.
- **Versions:**
- OpenSSL versions 1.1.1 through 1.1.1k
- OpenSSL versions 1.0.2 through 1.0.2y
- **Configurations:** Systems utilizing SM2 decryption within the OpenSSL library.
## Vulnerability Description
A flaw exists in the implementation of the SM2 decryption algorithm within OpenSSL. To decrypt SM2-encrypted data, an application typically calls `EVP_PKEY_decrypt()`. If the first call provides a `NULL` buffer to determine the required output length, and a second call provides the actual buffer, a mismatch can occur. An attacker can manipulate the ciphertext so that the second call calculates a larger numerical length than the buffer allocated during the first call, resulting in an out-of-bounds write (buffer overflow).
## Exploitation
- **Status:** PoC available (Proof of Concept exists).
- **Complexity:** High (Requires specific manipulation of SM2 ciphertext).
- **Attack Vector:** Network (Applicable to any application that decrypts SM2 data from untrusted sources).
## Impact
- **Confidentiality:** High (Potential disclosure of private memory content, including private keys or sensitive plaintext).
- **Integrity:** None.
- **Availability:** High (Can lead to application crashes or Denial of Service).
## Remediation
### Patches
Siemens recommends updating to the following versions (or later):
- **Industrial Edge PROFINET IO Connector:** V1.1.1
- **RUGGEDCOM RM1224 / SCALANCE M800 Series:** V7.1
- **RUGGEDCOM ROX II (RX/MX series):** V2.15.0
- **SCALANCE X-200/X-300:** Refer to specific product update pages.
- **SIMATIC S7-1200 / CP 1543-1:** Update to the latest firmware provided in the advisory links.
### Workarounds
- For products where no fix is planned (e.g., Industrial Edge - Machine Insight App) or not yet available, Siemens recommends implementing general security countermeasures:
- Protect network access to devices with appropriate mechanisms (firewalls, segmentation).
- Follow the Siemens Operational Technology Security (UM) guidelines.
## Detection
- **Indicators of Compromise:** Unusual application crashes in services utilizing OpenSSL for SM2 decryption.
- **Detection methods:** Vulnerability scanners can identify outdated versions of OpenSSL (pre-1.1.1l or 1.0.2za) within the software bill of materials (SBOM).
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-244969.html
- **OpenSSL Security Advisory:** hxxps://www.openssl[.]org/news/secadv/20210824.txt
- **Siemens CERT:** hxxps://www.siemens[.]com/cert/advisories