Siemens Sinec NMS (Network Management)

2023: U.S. authorities warn of dangerous holes in Siemens and GE industrial software

On January 17, 2023, the US Cybersecurity and Infrastructure Protection Agency (CISA) announced the discovery of dangerous vulnerabilities in industrial software (software) manufactured by Siemens, GE Digital and Contec.

In particular, the problems affect the Siemens SINEC INS (Infrastructure Network Services) platform, which provides access to industrial network services. It is said that there are problems with bypassing the CVE-2022-45092 path (CVSS score - 9.9) and implementing CVE-2022-2068 commands (CVSS score - 9.8). These holes can be used by attackers to remotely execute arbitrary program code on the victim's computer. The CVSS (Common Vulnerability Scoring System) criterion is an open standard used to calculate quantitative assessments of vulnerabilities in the security of a computer system (up to 10 points). In other words, the discovered vulnerabilities pose almost the maximum danger.

Attackers attack Siemens software

Siemens also reports authentication bypass problems in the llhttp parser (CVE-2022-35256, CVSS score 9.8) and an out-of-bounds write error in the OpenSSL library (CVE-2022-2274, CVSS score 9.8). These holes can be exploited by attackers to remotely execute malicious code.

A critical flaw has been discovered in the GE Digital Proficy Historian solution that can lead to arbitrary code execution regardless of authentication status. The issue described in Bulletin CVE-2022-46732 (CVSS score 9.8) affects Proficy Historian version 7.0 and above. In addition, there is a command injection vulnerability in the Contec CONPROSYS HMI CVE-2022-44456 system (CVSS estimate - 10.0), which allows an attacker to send specially created requests for remote execution of arbitrary commands.^[1]

2018: Platform launch

On November 20, 2018, Siemens announced the launch of the Sinec NMS platform for network infrastructure management (NMS). The solution allows users to adapt to the rapidly growing requirements of industrial networks in APCS, for example, an increase in the number of connected devices, the amount of information transmitted and the complexity of network topologies. According to the developer, from 50 to 12,500 network devices can be centrally configured, managed and monitored around the clock using software. The solution implements forward planning and fast response times to prevent potential failures and therefore improve performance. The software can be used in any industry.

According to the developer, Sinec NMS provides users with a high degree of transparency of the entire architecture of the industrial network. Components can be easily integrated into the network, and existing devices can be easily configured and maintained. Network components are configured according to rules called "policies," which apply to a specific range of devices or section of the network. For example, users can change the passwords needed to access devices centrally. This saves a lot of time when configuring network devices, and when troubleshooting, especially in large networks with a large number of devices.

The unified NMS approach allows you to easily and flexibly adapt to the requirements of all types of network topologies. To manage large networks, the system is divided into two levels - management and operations, noted in Siemens. Management is the main component of Sinec NMS; it displays the overall state of the network quickly and clearly. The operations themselves are distributed throughout the network and implement configuration specifications from controls on all devices.

As a Network Management System (NMS), Sinec NMS covers all five cornerstones of the ISO (International Organization for Standardization) defined FCAPS model, according to the developer's statement. First, "error management" for quick and easy fault detection. Secondly, "configuration management" to save time and money through centralized configuration and maintenance of the entire network. Third, "account management" to ensure security by reliably checking the network and documenting events. Fourth, "performance management" for flexibility by optimizing the network, transparency by creating statistics, and high availability by continuously monitoring the network. Fifth, "security management" for greater network information security. Sinec NMS also offers two common elements: system administration and north interface. They are specifically designed to meet the requirements of industrial networks.

As of November 2018, the software is already available to customers and partners for testing and implementation.