Hirschmann’s Mitigation Plan for Platform Switches

Tuesday, March 6, 2018 @ 05:03 PM gHale

Hirschmann Automation and Control GmbH, a division of Belden Inc., has a mitigation plan to handle multiple vulnerabilities in its Classic Platform Switches, according to a report with ICS-CERT.

The remotely exploitable vulnerabilities include a session fixation, information exposure through query strings in GET request, cleartext transmission of sensitive information, inadequate encryption strength and improper restriction of excessive authentication attempts.

RELATED STORIES
Schneider Updates SoMove, DTM Software
ICS Spectre, Meltdown Update Part IV
Delta Electronics Clears DOPSoft Hole
Moxa Fixes OnCell G3100-HSPA Series

Hirschmann said the vulnerabilities, discovered by Ilya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, and Damir Zainullin of Positive Technologies, affect the following Classic Platform Switches products:
• RS all versions
• RSR all versions
• RSB all versions
• MACH100 all versions
• MACH1000 all versions
• MACH4000 all versions
• MS all versions
• OCTOPUS all versions

Successful exploitation of these vulnerabilities could allow the attacker to hijack web sessions, impersonate a legitimate user, receive sensitive information, and gain access to the device.

No known public exploits specifically target these vulnerabilities. An attacker with high skill level could leverage the vulnerabilities.

A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

CVE-2018-5465 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.

CVE-2018-5467 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.2.

Also, a cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

CVE-2018-5471 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, an inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

CVE-2018-5461 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

Also, an improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.

CVE-2018-5469 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products see use in multiple sectors and on a global basis,

Hirschmann recommends users restrict access to remote management access and apply the following mitigation strategies:
• Disable HTTP for remote management access
• Use the secure HTTPS or SSH protocols for remote management access
• Use of complex user passwords
• Use the “Restricted Management Access” feature to restrict access to known IP addresses
• Disable remote management access when not in use



Leave a Reply

You must be logged in to post a comment.