Multiple Vulnerabilities in Siemens A8000 CP-8050 and CP-8031 PLC

Title

Multiple Vulnerabilities

Product

Siemens A8000 CP-8050 PLC, Siemens A8000 CP-8031 PLC

Vulnerable Version

<05.40 for Vulnerability 1, <05.30 for Vulnerability 2

Fixed Version

05.40 for Vulnerability 1, 05.30 for Vulnerability 2

CVE Number

CVE-2024-39601, CVE-2024-53832

Impact

high

Homepage

https://www.siemens.com

Found

03.04.2023

By

Stefan Viehboeck, Steffen Robertz, Gerhard Hechenberger, Constantin Schieber-Knoebl (Office Vienna) | SEC Consult Vulnerability

Management summary

The Siemens A8000 CP-8050 and CP-8031 PLCs allowed to perform firmware downgrades, which made the PLCs vulnerable to the exploitation of previously patched vulnerabilities. Additionally, the used secure element could be used as decryption oracle to decrypt the encrypted firmware update files.

Vendor description

"We are a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, we create technology with purpose adding real value for customers."

Source: https://new.siemens.com/global/en/company/about.html

Business recommendation

The vendor provides a patch which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the product conducted by security professionals to identify and resolve potential further security issues.

Vulnerability overview/description

1) Firmware Downgrade (CVE-2024-39601)

The PLC allows the downgrade to previous firmware versions. Therefore, an attacker is able to downgrade to a firmware version with known vulnerabilities (e.g., RCE) and exploit them on the PLC, which may lead to leaking data or backdoored devices. A user account or physical access is required for firmware upgrades/downgrades.

2) Firmware Update Decryption via Secure Element Oracle (CVE-2024-53832)

The PLC includes a secure element which is connected via an unencrypted SPI bus. By connecting to this SPI bus, the password for the secure element authentication can be observed. This allows an attacker to use the secure element outside of the PLC as an oracle and leads to the possibility to decrypt all encrypted update files.

Proof of concept

1) Firmware Downgrade (CVE-2024-39601)

A firmware upgrade/downgrade can be triggered in multiple ways, here, the SICAM WEB interface was used. The current firmware version can be viewed at "Applications" -> "Installed applications" and was "CPCI85 04.93" at start. After successfully installing the firmware file "CPCI8504.F92" via the hamburger menu entry "Update" -> "Update firmware ..." at the top left corner, the current firmware version shows "CPCI85 04.92". The downgrade was successful.

2) Firmware Update Decryption via Secure Element Oracle (CVE-2024-53832)

The PLC uses a VaultIC405 secure element in a SOIC8 package connected via SPI. Its pinout can be seen below:

          +-----------+
SPI_MOSI =| *         |= SPI_MISO
     GND =|  VaultIC  |= VCC
 !SPI_SS =|    405    |= NC
!SPI_SEL =|           |= SPI_SCK
          +-----------+

When connecting to the SPI bus, cleartext data can be read. E.g., the SubmitPassword command, which looks as follows:

| 0x00 0x00 0x10 0x80 0x20 | UserID | RoleID | Password length | Password | Checksum |

Reverse engineering the communication, the used credentials can be identified as "SiemensUser", ID 1, Role 2. For decrypting updates, the algorithm "CIP_RSAES_PKCS" is used. After setting the algorithm, data can be sent to the secure element, the data is decrypted using the secure element's private key, and the data can be read from the secure element. This knowledge now allows to use the secure element as oracle to decrypt updates. For this, the VaultIC shared library /lib/libvaultic_api_4xx.so was loaded together with a custom library in between (using LD_PRELOAD) from a custom C program, which was executed on a Raspberry Pi using the SPI kernel driver to communicate with the connected secure element.

Every firmware update file contains multiple encrypted archive files, which are encrypted using a different, random, RSA encrypted AES key. However, all AES keys can be decrypted using the secure element oracle. For the following example, the "SICORE_KERNEL_V04.MB_arm.ear" archive from the "CPCI8504.F93" update archive was used. Extracted, it contains two files:

  • AES encrypted package “SICORE_KERNEL_V04.MB_arm.ipk.enc”
  • RSA encrypted AES key "SICORE_KERNEL_V04.MB_arm.ipk.key"

The .key file content is shown below:

00000000: 588c f4b8 50c9 27a9 6fcd 7aee 787d 87e2 ...."./uZ.....k{
[...]
000000f0: c3c0 ec53 c671 8024 748f e7ee 2e5f d6b6 ...S.q.$t...._..

Using the secure element oracle, the .key file can be decrypted as  "key.bin" file below:

00000000: 027a XXXX XXXX XXXX XXXX XXXX XXXX XXXX .z.0XXXXXXXXXXXX 
00000010: XXXX XXXX XXXX XXXX XXXX XXXX XXXX 28e4 XXXXXXXXXXXX^r(.

The decryption was reverse engineered from the "IDEC00.elf" binary on the PLC and turned out to be AES in CTR mode. A small C program "decrypt" was written to decrypt the .enc file with a given key, using the OpenSSL "CRYPTO_ctr128_encrypt" function. It was used as follows: 

$ ./decrypt SICORE_KERNEL_V04.MB_arm.ipk.enc out.ipk key.bin 
key 02 7a XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 28 e4 
filesize 5131094 bytes

The created out.ipk file is now a valid IPK software archive. The first few bytes are given below: 

00000000: 213c 6172 6368 3e0a 6465 6269 616e 2d62 !<arch>.debian-b 
00000010: 696e 6172 792f 2020 3136 3736 3930 3936 inary/ 16769096 
00000020: 3736 2020 3020 2020 2020 3020 2020 2020 76  0    0 
00000030: 3130 3036 3434 2020 3520 2020 2020 2020 100644 5 
00000040: 2020 600a 322e 300d 0a0a 636f 6e74 726f   `.2.0...contro 
00000050: 6c2e 7461 722e 677a 2f20 3136 3736 3930 l.tar.gz/ 167690

The archive contains a control.tar.gz, data.tar.gz, and a debian-binary file and can be opened with an archive manager. The decryption was successful.

Vulnerable / tested versions

The following products were tested and identified to be vulnerable:

  • Siemens A8000 CP-8050 04.92
  • Siemens A8000 CP-8031 04.92

According to the vendor, the following previous firmware versions are affected:

  • <05.40 for vulnerability 1
  • <05.30 for vulnerability 2

Vendor contact timeline

2023-04-18 Contacting vendor through productcert@siemens.com, sending PGP encrypted advisory.
2023-04-19 Advisory will be handled as case #92461.
2023-06-13 Siemens releases advisory for vulnerability CVE-2023-33919 which was originally included in this advisory. SEC Consult published first advisory for this device (https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-siemens-a8000/) and included CVE-2023-33919 in issue 2. Removed issue CVE-2023-33919 from this advisory.
2023-10-09 Requesting status update
2023-10-10 Advisory release scheduled for December.
2024-04-03 Could not find any further Siemens advisory, requesting status update.
2024-04-04 Firmware downgrade issue fix scheduled for August 2024, Siemens advisory will be published in August or September Unsafe Storage of MQTT password fix will be released in April 2024, Siemens advisory scheduled for May 2024 Firmware update decryption via oracle fix in April 2024, for full bugfix new hardware is required. Supposed to be introduced to manufacturing in Summer 2024.
2024-05-14 Siemens released CVE-2024-31486 in SSA-871704 for Vulnerability 3
2024-06-18 Vulnerability 3 now released in SEC Consult SA-20240626-0 https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-siemens-power-automation-products-cp-8000-cp-8021-cp8-022-cp-8031-cp-8050-sicore/ Removed from this advisory.
2024-07-04 Siemens informs that Vulnerability 1 will be published in August, asks for the researcher's names.
2024-07-22 Siemens fixes vulnerability 1 and assignes CVE-2024-39601. Siemens advisory information can be found at https://cert-portal.siemens.com/productcert/html/ssa-071402.html
2024-10-22 Meeting with ProductCERT, discussing all open / reported issues.
2025-02-10 Requested updated timeline for vulnerability 2.
2025-02-11 Vulnerability 2 released in SSA-128393 on 2024-12-10. Siemens advisory information can be found at https://cert-portal.siemens.com/productcert/html/ssa-128393.html
2025-02-26 Coordinated release of security advisory.

Solution

The vendor provides software updates for the identified security issues:

Workaround

Restrict network access to the A8000 CP-8050/CP-8031 module or disable the SICAM Web Interface.
Disable SD-Card usage to prevent unauthenticated firmware downgrades with physical access. Use strong credentials and limit access for users allowed to perform firmware upgrades. Make sure to strictly limit physical access to the PLC during and also after its life cycle and strictly limit access to the configured MQTT server. 

Advisory URL

https://sec-consult.com/vulnerability-lab/

 

EOF Stefan Viehboeck, Steffen Robertz, Gerhard Hechenberger, Constantin Schieber-Knoebl / @2025

 

Interested to work with the experts of SEC Consult? Send us your application.
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices

Back