Siemens Clears RUGGEDCOM ROX I Issues

Wednesday, March 29, 2017 @ 12:03 PM gHale


Siemens mitigated a series of vulnerabilities in its RUGGEDCOM ROX I product line, according to a report with ICS-CERT.

The remotely exploitable vulnerabilities, which Maxim Rupp discovered and reported directly to Siemens, affect all versions of RUGGEDCOM ROX I.


The affected devices suffer from improper authorization, cross-site scripting, and cross-site request forgery vulnerabilities that could allow an attacker to perform actions with administrative privileges.

In the first improper authorization vulnerability, an authenticated user could read arbitrary files through the web interface at Port 10000/TCP and access sensitive information.

CVE-2017-2686 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

In the cross-site scripting hole, the integrated web server at Port 10000/TCP is prone to reflected cross-site scripting attacks if an unsuspecting user clicks on a malicious link.

CVE-2017-2687 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

In the cross-site request forgery issue, the integrated web server at Port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and clicks on a malicious link or visits a malicious web site.

CVE-2017-2688 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

In the second improper authorization vulnerability, an authenticated user could bypass access restrictions in the web interface at Port 10000/TCP to obtain privileged file system access or change configuration settings.

CVE-2017-2689 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

In another cross-site scripting issue, the integrated web server at Port 10000/TCP could allow an authenticated user to perform stored cross-site scripting attacks.

CVE-2017-6864 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.4.

The product is used mainly in the energy, healthcare and transportation sectors, and it is deployed worldwide.

No known public exploits specifically target these vulnerabilities; however, an attacker with a low skill level could exploit them.

Siemens recommends the following mitigations:
• Use the mitigation tool and follow the application note to disable the web interface and disable guest and operator accounts. The ROX I mitigation tool application is on the Siemens support web site.
• Restrict access to trusted administrators only
• Apply cell protection concept
• Use VPN for protecting network communication between cells
• Apply Defense-in-Depth

The mitigation tool for the affected ROX I-based products can be obtained from Siemens by doing one of the following:
• Submit a support request online
• Call a local hotline center

As a general security measure Siemens recommends protecting network access to the web interface at Port 10000/TCP of ROX I-based devices with appropriate mechanisms and configuring the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment.
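The check a practitioner will want after restricting access to Port 10000/TCP is proof that the restriction holds. The following is an added example, not code from Siemens, ICS-CERT or the advisory: a small Python scanner that reports which hosts still accept TCP connections on the web interface port. Run it from a network segment that should not have access (an operator VLAN, a plant-floor cell other than the management cell); any address it lists is still exposed. The target addresses, the loopback self-test helper and the sample target list are constructed for the example.

```python
"""Added example: verify that RUGGEDCOM ROX I web interfaces (TCP/10000)
are not reachable from the segment this script runs on.

Not from the Siemens advisory; target addresses below are constructed
(TEST-NET ranges) and must be replaced with the devices to be checked."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

ROX_WEB_PORT = 10000  # web interface port named in SSA-327980


def port_open(host, port=ROX_WEB_PORT, timeout=1.0):
    """Return True if a plain TCP connect to host:port succeeds.

    A successful connect means the port is reachable through whatever
    firewall/cell boundary sits between this host and the device; it does
    not prove the service is the ROX I web interface."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, filtered
        return False


def expand_targets(specs):
    """Expand a list of single IPs and CIDR blocks into host address strings."""
    hosts = []
    for spec in specs:
        if "/" in spec:
            net = ipaddress.ip_network(spec, strict=False)
            # .hosts() drops network/broadcast; a /32 (or /128) still yields itself
            hosts.extend(str(a) for a in (list(net.hosts()) or [net.network_address]))
        else:
            hosts.append(str(ipaddress.ip_address(spec)))
    return hosts


def find_exposed(specs, port=ROX_WEB_PORT, timeout=1.0, workers=32):
    """Return a sorted list of hosts that accept connections on `port`."""
    hosts = expand_targets(specs)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: (h, port_open(h, port, timeout)), hosts))
    return sorted(h for h, is_open in results if is_open)


def loopback_listener():
    """Open a listening socket on 127.0.0.1 on an OS-chosen port.

    Only used to self-test the checker on a machine with no ROX I device
    in reach; returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed sample targets (TEST-NET-1); replace with the management
    # addresses of the ROX I devices or the cell's management subnet.
    sample_targets = ["192.0.2.10", "192.0.2.0/29"]
    exposed = find_exposed(sample_targets)
    if exposed:
        print("TCP/10000 still reachable from this segment on:")
        for host in exposed:
            print("  ", host)
    else:
        print("TCP/10000 not reachable from this segment on any target.")
```

A clean result from one vantage point only shows that this segment is blocked; repeat the run from every segment that is supposed to be denied, and keep one run from the administrator segment to confirm the rule set has not locked out legitimate management access.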

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-327980.


