RuggedCom ROS Fixes POODLE

Wednesday, July 22, 2015 @ 11:07 AM gHale

Siemens created an update to mitigate a Transport Layer Security (TLS) Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability that exists in the web interface in its RuggedCom ROS and ROX-based devices, according to a report on ICS-CERT.

The following Siemens RuggedCom firmware versions suffer from the remotely exploitable vulnerability:
• RuggedCom devices with ROS: All firmware versions prior to v4.2.0
• RuggedCom devices with ROX: All firmware versions prior to v2.6.3
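
To triage an asset inventory against the affected versions listed above, the following added example (not code from Siemens, ICS-CERT or the original article) compares firmware strings numerically against the first fixed release per platform. The inventory format, host names and sample versions are constructed for illustration.

```python
import re

# First fixed firmware version per platform, as listed in the article.
FIXED = {"ROS": (4, 2, 0), "ROX": (2, 6, 3)}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(inventory):
    """Classify each (host, platform, firmware) record.

    Status is 'affected', 'fixed' (for this issue only) or 'review'
    (unknown platform or unparseable version: check by hand).
    """
    results = []
    for host, platform, firmware in inventory:
        fixed = FIXED.get(platform.strip().upper())
        version = parse_version(firmware)
        if fixed is None or version is None:
            status = "review"
        elif version < fixed:  # tuple compare, so 2.10.0 sorts after 2.6.3
            status = "affected"
        else:
            status = "fixed"
        results.append((host, status))
    return results


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("substation-sw01", "ROS", "v4.1.3"),
    ("substation-sw02", "ROS", "4.2.0"),
    ("traffic-rtr01", "ROX", "v2.6.2"),
    ("traffic-rtr02", "rox", "2.10.0"),
    ("lab-sw09", "ROS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Comparing the versions as integer tuples rather than strings matters here: a plain string comparison would sort "2.10.0" before "2.6.3" and wrongly flag a patched device.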


Successful exploitation of this vulnerability may allow attackers to hijack an active web session and access administrative functions on the devices without proper authorization or allow unprivileged users to perform privilege escalation.

The affected products, Siemens RuggedCom ROS and ROX-based devices, connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets. They are deployed across several sectors, including energy, healthcare and public health, and transportation systems. Siemens said these products are used worldwide.

The web interface (Port 443/TCP) of the affected devices is vulnerable to a padding oracle attack (also known as TLS POODLE). A remote attacker in a privileged network position could possibly recover parts of the plain text if unsuspecting users click on a malicious link.

CVE-2015-5537 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

Exploitation of this vulnerability could allow remote attackers to recover parts of the plaintext of an encrypted connection under certain circumstances. The attack can be staged remotely, but an attacker cannot exploit it without user interaction. The exploit only triggers when a local user voluntarily interacts with the attack mechanism.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be difficult. Social engineering would be mandatory to convince the user to accept the malformed file. Additional user interaction would have to take place for the user to load the malformed file. This decreases the likelihood of a successful exploit.

Siemens produced a firmware update v4.2.0 for ROS-based devices, which fixes the vulnerability.

Click here to download the update.

Asset owners and operators should contact Siemens customer support to acquire the update. For more information on this vulnerability and detailed instructions, see the Siemens Security Advisory SSA-396873.