Siemens Clears TeleControl Holes

Tuesday, January 30, 2018 @ 04:01 PM gHale


Siemens has an updated version to mitigate multiple vulnerabilities in its TeleControl Server Basic product, according to a report from ICS-CERT.

The remotely exploitable vulnerabilities, which Siemens self-reported, are an authentication bypass using an alternate path or channel; a permissions, privileges, and access controls issue; and resource exhaustion.

TeleControl Server Basic, a monitoring platform, suffers from the issues in versions prior to V3.1.

Successful exploitation of these vulnerabilities could allow for escalation of privileges to perform administrative actions.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level would be able to leverage the vulnerabilities.

In one vulnerability, an attacker with network access to Port 8000/TCP could bypass the authentication mechanism and gain access to limited information.

CVE-2018-4835 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, an authenticated attacker with network access to Port 8000/TCP could escalate privileges and perform administrative operations.

CVE-2018-4836 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

Also, an attacker with access to the TeleControl Server Basic’s webserver (Ports 80/TCP or 443/TCP) could cause a Denial of Service (DoS) condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the DoS condition.

CVE-2018-4837 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

Siemens recommends users install the latest version of TeleControl Server Basic.

Siemens also identified other mitigations that affected users can take:
• If TeleControl Server Basic is operated in standalone mode, then users can close Port 8000/TCP on the Windows firewall to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
• If TeleControl Server Basic is operated in redundancy mode, then users can use the Windows firewall to restrict access to Port 8000/TCP to the second TeleControl Server Basic’s IP address to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
• Users can use the Windows firewall to close Ports 80/TCP and 443/TCP to mitigate vulnerability CVE-2018-4837.
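
The firewall mitigations listed above, written as a PowerShell script. This is an added example, not Siemens' own instructions; the rule names, parameters, helper functions and the partner address 192.0.2.10 are assumptions. Because Windows Firewall block rules override allow rules, redundancy mode blocks every IPv4 address except the partner rather than blocking the port outright.

```powershell
#Requires -RunAsAdministrator
# Added example (not Siemens' script). Rule names and the sample partner IP are constructed.
param(
    [ValidateSet('Standalone', 'Redundancy')][string]$Mode = 'Standalone',
    [string]$PartnerIp = '192.0.2.10',   # constructed address of the second server
    [switch]$BlockWebServer              # also close 80/TCP and 443/TCP (CVE-2018-4837)
)

function ConvertTo-UInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "IPv4 address expected: $Ip" }
    [Array]::Reverse($bytes)             # network order -> little-endian host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertTo-Ipv4([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    ([System.Net.IPAddress]::new([byte[]]$bytes)).ToString()
}

# Returns the IPv4 ranges that cover everything except $Ip.
function Get-RangesExcluding([string]$Ip) {
    $n = ConvertTo-UInt32 $Ip
    $ranges = @()
    if ($n -gt 0) { $ranges += "0.0.0.0-$(ConvertTo-Ipv4 ($n - 1))" }
    if ($n -lt [uint32]::MaxValue) { $ranges += "$(ConvertTo-Ipv4 ($n + 1))-255.255.255.255" }
    $ranges
}

$common = @{ Direction = 'Inbound'; Action = 'Block'; Protocol = 'TCP'; Profile = 'Any' }

if ($Mode -eq 'Standalone') {
    # Standalone: nothing needs to reach 8000/TCP from the network.
    New-NetFirewallRule @common -DisplayName 'TCSB block 8000 all' -LocalPort 8000
} else {
    # Redundancy: block 8000/TCP for every IPv4 source except the partner server.
    # Assumptions: an existing allow rule already admits the partner, and the
    # network is IPv4-only (IPv6 sources need their own rule).
    New-NetFirewallRule @common -DisplayName 'TCSB block 8000 non-partner' `
        -LocalPort 8000 -RemoteAddress (Get-RangesExcluding $PartnerIp)
}

if ($BlockWebServer) {
    New-NetFirewallRule @common -DisplayName 'TCSB block web 80-443' -LocalPort 80,443
}

# Show the rules that were created.
Get-NetFirewallRule -DisplayName 'TCSB*' | Format-Table DisplayName, Enabled, Action
```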

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-65145.


