Siemens Tecnomatix FactoryLink SCADA CSService Multiple MSGs File Download

Vulnerability
Protection

Check Point Reference:	CPAI-2011-278
Date Published:
Severity:
Source:	Check Point IPS Research Team
Protection Provided by:	Security Gateway R75 R71 R70
Who is Vulnerable? Siemens Tecnomatix FactoryLink SCADA 8.0.1.1473 and prior
Vulnerability Description A possible file downloading vulnerability has been reported in Siemens Tecnomatix FactoryLink SCADA system. A remote attacker could exploit this issue by sending a specially crafted CSService messages to the target server. Successful exploitation of this vulnerability would lead to file downloading from the affected server.

Vulnerability Details
The vulnerability is due to a boundary error in Siemens Tecnomatix FactoryLink CSService while handling muultiple file listing requests sent to the server. A remote attacker could exploit this issue by sending a specially crafted CSService messages to the target server. Successful exploitation of this vulnerability would lead to file downloading from the affected server.

Protection Overview
This protection will detect and block specially crafted CSService messages to the target server.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70 / R71 / R75

How Can I Protect My Network?

In the IPS tab, click Protections and find the Siemens Tecnomatix FactoryLink SCADA CSService Multiple MSGs File Download protection using the Search mechanism and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Application Servers Protection Violation

Attack Information: Siemens Tecnomatix FactoryLink SCADA CSService Multiple MSGs file download

Legal Notice for Threat Center Advisories