Siemens Default Password Hole

Thursday, August 2, 2012 @ 06:08 PM gHale


A default password vulnerability exists in the Siemens Synco OZW web server devices used in building automation systems. Siemens urges its customers to set a secure password on the device's web interface, because an attacker who can reach that interface could exploit the hole remotely.

The vulnerability affects the following Synco models:
• OZW775
• OZW672.01, OZW672.04, OZW672.16
• OZW772.01, OZW772.04, OZW772.16, OZW772.250.


An attacker could use the default password in these devices to gain unauthorized administrative access to the building automation network, according to an advisory from ICS-CERT.

Siemens Synco OZW devices are used for remote operation and monitoring of building automation devices.

Siemens Synco OZW devices ship with a default password protecting administrative functions. The installation procedure does not enforce a password change. This leaves a potential security gap in the asset owner/operator’s network. CVE-2012-3020 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.0.

An attacker with a low skill level could exploit this vulnerability.

Siemens released a firmware update (Version 4) for the OZW672 and OZW772 devices that enforces a password change at initial login. Users may upgrade to this firmware version, but upgrading is not required in order to change the default password on existing devices: the password can be changed through the web interface on the firmware already installed. Siemens urges users to set a secure password on the web interface of all network devices.
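The two paragraphs above describe the weakness (a factory default password that the installation procedure never forces anyone to replace) and the fix (a forced change at first login). The following is an added example written for this page, not Siemens code and not the actual OZW login logic: it models both behaviours side by side in Python so the difference is concrete. The account name, the placeholder default password and the minimum length are assumptions; the real default credential is not given in the article.

```python
"""Added example (not Siemens code): a web-interface login that ships with a
factory default password, before and after a 'force change at first login' fix.
Account name, default password value and length policy are assumed placeholders.
"""
import hashlib
import hmac
import os
import secrets

# Assumed placeholder: the real factory password is not stated on the page.
FACTORY_DEFAULT_PASSWORD = "factory-default"
MIN_PASSWORD_LENGTH = 12
ADMIN_USER = "Administrator"


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is never the raw password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Account:
    def __init__(self, name: str, password: str, must_change: bool):
        self.name = name
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.must_change = must_change  # True until the factory default is replaced

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def set_password(self, new: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False


class LegacyDevice:
    """Pre-fix behaviour: the factory default grants full admin access, indefinitely."""

    def __init__(self):
        self.admin = Account(ADMIN_USER, FACTORY_DEFAULT_PASSWORD, must_change=False)

    def login(self, user: str, password: str) -> str:
        if user == self.admin.name and self.admin.check(password):
            return "admin"  # full access, even though the password is still the default
        return "denied"


class FixedDevice:
    """Fixed behaviour: logging in with the default only reaches a forced change step."""

    def __init__(self):
        self.admin = Account(ADMIN_USER, FACTORY_DEFAULT_PASSWORD, must_change=True)
        self.sessions = {}  # session token -> account name

    def login(self, user: str, password: str):
        if user != self.admin.name or not self.admin.check(password):
            return "denied", None
        token = secrets.token_hex(16)
        self.sessions[token] = user
        state = "change_required" if self.admin.must_change else "admin"
        return state, token

    def admin_action(self, token: str) -> str:
        # Every administrative function is gated behind the same check.
        if token not in self.sessions:
            return "denied"
        if self.admin.must_change:
            return "change_required"  # nothing else is reachable until the default is gone
        return "ok"

    def change_password(self, token: str, old: str, new: str) -> bool:
        if token not in self.sessions or not self.admin.check(old):
            return False
        # Reject the factory default, a no-op change, and anything too short.
        if new == FACTORY_DEFAULT_PASSWORD or new == old or len(new) < MIN_PASSWORD_LENGTH:
            return False
        self.admin.set_password(new)
        return True


if __name__ == "__main__":
    legacy = LegacyDevice()
    print("legacy login with default:", legacy.login(ADMIN_USER, FACTORY_DEFAULT_PASSWORD))
    fixed = FixedDevice()
    state, tok = fixed.login(ADMIN_USER, FACTORY_DEFAULT_PASSWORD)
    print("fixed login with default:", state)
    print("admin action before change:", fixed.admin_action(tok))
    print("change to strong password:", fixed.change_password(tok, FACTORY_DEFAULT_PASSWORD, "correct horse battery staple"))
    print("admin action after change:", fixed.admin_action(tok))
```

The design point is in `admin_action`: the forced change is only effective if every administrative endpoint checks the `must_change` flag, not just the login page. A device that lets a default-credential session reach any other function has not closed the gap, whatever the login screen says.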


