×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109755665, Entry date: 04/06/2018
(0)
Rate

How do you rectify the KRACK weak point in the WLAN encryption?

  • Entry
  • Associated product(s)
Information about closing the KRACK security gap of the WLAN adapter of SIMATIC ITP1000 and SIMATIC Field-PG M5

Description
It is currently recommended to use the security standard WPA2 to encrypt WLAN networks. This security standard is vulnerable at a critical weak point.

The safety gap named "KRACK" (Key Reinstallation Attack) uses a design fault in the handshake when the WPA2 connection is established. This might lead to violation of the confidentiality of the WLAN connection. The data transfer based on this in the WLAN might be able to be read by unauthorized third parties.

Validity
The described behavior affects the following SIMATIC devices.

  • SIMATIC ITP1000 with WLAN Adapter: Intel® Dual Band Wireless-AC 8260
  • SIMATIC Field PG M5 with WLAN Adapter: Intel® Dual Band Wireless-AC 7265

The following versions of the WLAN Adapter drivers are affected.

  • Windows 7
     Driver date < 2017-10-16
     Driver version < 19.10.10.2
  • Windows 10
     Driver date < 2017-11-2
     Driver version < 20.10.2.2

Remedy
The safety gap is closed by installing the latest version of the Intel® WLAN driver. Download the latest driver for the WLAN Adapter of your SIMATIC device either from the Intel® Download Center or via Entry ID: 109755666.

Installation of the driver

  1. Uninstall via the Control Panel the WLAN driver currently being used:
    Start -> Control Panel -> Programs and Features -> Intel PROSet/Wireless Software -> Uninstall -> Save settings
  2. Install the new WLAN driver. For this you open the ZIP file downloaded from the link above in the Explorer and start the Autorun.exe program.
  3. Confirm the "User account control" dialog with the "Yes" button.
  4. Read the End User License Agreement and confirm it. Then click the "Install" button.
  5. After completion of the installation the WLAN function is once again available for use. You do not need to do a restart.

Note
Further information about the weak points known as "KRACK Attacks" is available in the associated Siemens Security Advisory SSA-901333.


    Security information
    In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
    http://www.siemens.com/industrialsecurity.