Siemens has issued a security advisory concerning vulnerabilities discovered in the Discovery and Basic Configuration Protocol (DCP), a protocol widely utilized in industrial settings. The DCP protocol, originally designed for operational functionalities like initial setup and component reset, lacks built-in security measures, making it susceptible to exploitation by malicious actors. Specifically, attackers could abuse DCP to alter device configurations, potentially resulting in denial of service incidents. The affected products encompass all PROFINET devices not compliant with Security Class 1 and those supporting configuration via DCP. While attacks are confined to the local network due to DCP’s non-routable nature, the consequences could be severe.
To mitigate these risks, Siemens recommends implementing PROFINET Security Class 1 or higher and adopting read-only mode or disabling DCP usage based on the specific environment and use cases. Additionally, ensuring strict access policies within the network is advised, especially for scenarios where deactivating DCP is not feasible. Detailed instructions for protocol deactivation or Security Class configuration can be found in the respective product manuals.
In line with broader security practices, Siemens emphasizes the importance of safeguarding network access to devices and aligning operational configurations with Siemens’ guidelines for Industrial Security. These measures aim to fortify the IT environment and mitigate potential risks associated with industrial operations. Users are encouraged to adhere to these recommendations and leverage additional resources provided by Siemens to enhance overall security posture.
