Siemens Fixes XSS Vulnerability

Friday, June 26, 2015 @ 02:06 PM gHale

Siemens created firmware that mitigates a cross-site scripting (XSS) vulnerability in its Climatix BACnet/IP communication module, according to a report on ICS-CERT.

This remotely exploitable vulnerability ended up reported directly to Siemens by Juan Francisco Bolivar Hernandez.

PACTware Fixes Exceptional Conditions Hole
Wind River Patches TCP Predictability Hole
Wonderware Patches Vulnerability
GarrettCom Plugs Magnum Holes

Climatix BACnet/IP communication module: All versions prior to V10.34 suffers from the issue.

An attacker using this vulnerability to exploit a system may be able to affect the integrity of the data on the system.

BACnet/IP communication modules help integrate controller types POL6XX of the Climatix family into BACnet networks. These devices see use across several sectors including commercial facilities, according to Munich, Germany-based Siemens. Siemens estimates these products see action primarily in the United States and Europe with a small percentage in Asia.

The integrated web server (Port 80/TCP) of the affected devices could allow cross-site scripting attacks if unsuspecting users end up tricked into accessing a malicious link.

CVE-2015-4174 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

No known public exploits specifically target this vulnerability. An attacker with medium skill would be able to exploit this vulnerability.

Siemens provides firmware update Climatix BACnet/IP communication module V10.34 to fix the vulnerability. Registered users can obtain the firmware update.

The new firmware update includes further security improvements (e.g., web server authentication enabled by default), and Siemens recommends all users update to this new release. For further information please see the release notes of firmware version V10.34.

As a general security measure, Siemens recommends to protect network access to the Climatix BACnet/IP communication module with appropriate mechanisms.

For more information on this vulnerability and more detailed mitigation instructions, click on Siemens Security Advisory SSA-142512.