Siemens SCALANCE S613 DoS Hole
Wednesday, April 13, 2016 @ 09:04 AM gHale
Siemens identified a resource exhaustion vulnerability that causes a denial-of-service (DoS) condition in the SCALANCE S613 device, according to a report on ICS-CERT.
Siemens recommends customers contact Siemens customer support in order to obtain advice on a solution for the customer’s specific environment.
The following Siemens SCALANCE versions suffer from the remotely exploitable vulnerability: SCALANCE S613 (MLFB: 6GK5613-0BA00-2AA3): All versions.
An attacker exploiting this vulnerability can cause the device to enter a state that requires a manual reboot to recover.
Siemens is a multinational company headquartered in Munich, Germany.
The affected product, Siemens SCALANCE firewall, sees use to protect trusted industrial networks from untrusted networks. It allows filtering of incoming and outgoing network connections in different ways.
Siemens SCALANCE deploys across several sectors including chemical, critical manufacturing, defense industrial base, energy, transportation systems, and water and wastewater systems. Siemens estimates this product sees use on a global basis.
Certain legitimate messages sent to Port 443/TCP could cause a denial-of-service condition affecting the integrated web server of affected devices. A manual reboot ends up needed to recover the web server of the device.
CVE-2016-3963 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.
Siemens recommends email contact Siemens Customer Support in order to obtain advice on a solution for the customer’s specific environment.
For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-751155.