Full Report
Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
Analysis Summary
# Vulnerability: Timing Based Side Channel in OpenSSL RSA Decryption (Bleichenbacher-style)
## CVE Details
- **CVE ID:** CVE-2022-4304 (Note: The advisory summary mentions 2023-4304, but the technical details and OpenSSL references confirm CVE-2022-4304)
- **CVSS Score:** 5.9 (Medium)
- **Vector:** CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- **CWE:** CWE-326: Inadequate Encryption Strength
## Affected Systems
- **Products:**
- SIMATIC Cloud Connect 7 CC712
- SIMATIC Logon V1.6
- SIMATIC PDM (V9.1, V9.2)
- SIMATIC Process Historian (2019, 2020, 2022) OPC UA Server
- SIMATIC S7-300 CPUs (314C-2 PN/DP, 315-2 PN/DP)
- SIMATIC S7-1200 & S7-1500 CPU Families (including SIPLUS variants)
- SIMATIC ET 200SP Open Controller
- SIMATIC S7-PLCSIM Advanced
- **Versions:** Various versions prior to the patches listed below.
- **Configurations:**
- Especially impactful where RSA certificates are used (e.g., OPC-UA interfaces).
- S7-1500/S7-1200 default configurations use ECC for Web/HMI, which are not affected; however, their OPC-UA interfaces use RSA by default and are vulnerable.
## Vulnerability Description
This is a timing-based side channel vulnerability in OpenSSL’s RSA decryption implementation. It is a "Bleichenbacher-style" oracle attack where the time taken to process a decryption request varies based on the padding of the ciphertext. By sending a significant number of trial messages and precisely measuring the response times, a network attacker can decrypt captured RSA ciphertexts (such as a TLS pre-master secret), eventually recovering the plaintext and compromising the session's confidentiality.
## Exploitation
- **Status:** Proof of Concept (PoC) available (denoted by CVSS:3.1/E:P).
- **Complexity:** High (Requires a very large number of trial messages and precise timing measurements).
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** None (Strictly speaking, per the CVSS vector provided, though the technical description notes it allows decryption of application data).
- **Integrity:** High (Calculated based on the ability to compromise the secure channel).
- **Availability:** None.
## Remediation
### Patches
Siemens has released the following updated versions to resolve the flaw:
- **SIMATIC Cloud Connect 7 CC712:** Update to V30.1.0 or later.
- **SIMATIC PDM V9.2:** Update to V9.2 SP2 Upd1 or later.
- **SIMATIC Process Historian 2022:** Update to V2022 SP1 or later.
- **SIMATIC S7-300 CPU 314C-2:** Update to V3.3.19 or later.
- **SIMATIC S7-300 CPU 315-2:** Update to V3.2.19 or later.
- **SIMATIC S7-PLCSIM Advanced:** Update to V6.0 or later.
- **SIMATIC S7-1200/S7-1500 Families:** Refer to the latest firmware updates (detailed in V1.4 of the advisory).
### Workarounds
- **Disable Web Server:** For S7-300 CPUs, disabling the web server mitigates the vulnerability on that interface.
- **Use ECC Certificates:** Where supported (e.g., S7-1500 web services), use Elliptic Curve Cryptography (ECC) instead of RSA.
- **No Fix Planned:** For SIMATIC Logon V1.6, PDM V9.1, and Process Historian 2019/2020, users should follow general security mitigations.
## Detection
- **Indicators of Compromise:** High volume of unusual or malformed decryption requests/TLS handshakes from a single source.
- **Methods:** Implementation of network intrusion detection systems (IDS) to monitor for repeated, failed TLS handshake attempts which are characteristic of oracle attacks.
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-264814.html
- **OpenSSL Security Advisory:** hxxps://www.openssl[.]org/news/secadv/20230207.txt
- **Siemens ProductCERT:** hxxps://www.siemens[.]com/cert/advisories