Siemens Tecnomatix FactoryLink SCADA CSService Filter File Download

Vulnerability
Protection

Check Point Reference:	CPAI-2011-279
Date Published:
Severity:
Source:	Check Point IPS Research team
Protection Provided by:	Security Gateway R75 R71 R70
Who is Vulnerable? Siemens Tecnomatix FactoryLink SCADA 8.0.1.1473 and prior
Vulnerability Description A possible file downloading vulnerability has been reported in Siemens Tecnomatix FactoryLink SCADA system. A remote attacker could exploit this issue by sending a specially crafted CSService filter message to the target server which would lead to file downloading from the affected server.

Vulnerability Details
The vulnerability is due to a boundary error in Siemens Tecnomatix FactoryLink CSService while handling Filter message request sent to the server. Attacker could exploit this issue by sending a specially crafted CSService filter message to the target server which would lead to file downloading from the affected server.

Protection Overview
This protection will detect and block specially crafted CSService Filter message to the target server.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70 / R71 / R75

How Can I Protect My Network?

In the IPS tab, click Protections and find the Siemens Tecnomatix FactoryLink SCADA CSService Filter File Download protection using the Search mechanism and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Application Servers Protection Violation

Attack Information: Siemens Tecnomatix FactoryLink SCADA CSService Filter File Download

Legal Notice for Threat Center Advisories