Siemens SCALANCE Vulnerabilities

Wednesday, May 29, 2013 @ 04:05 PM gHale


Siemens created a firmware upgrade that mitigates two privilege escalation vulnerabilities in SCALANCE X200 IRT switch devices, according to a report on ICS-CERT.

These vulnerabilities, discovered by Siemens ProductCERT, are remotely exploitable.


The vulnerabilities affect the following versions of SCALANCE:
• SCALANCE X204IRT versions < V5.1.0
• SCALANCE X204IRT PRO versions < V5.1.0
• SCALANCE X202-2IRT versions < V5.1.0
• SCALANCE X202-2P IRT versions < V5.1.0
• SCALANCE X202-2P IRT PRO versions < V5.1.0
• SCALANCE X201-3P IRT versions < V5.1.0
• SCALANCE X201-3P IRT PRO versions < V5.1.0
• SCALANCE X200-4P IRT versions < V5.1.0
• SCALANCE XF204IRT versions < V5.1.0

Successful exploitation of these vulnerabilities could allow an attacker to escalate his privileges within the Web interface. Users with administrator privileges can change the configuration of the switches.

SCALANCE X Industrial Ethernet switches are industrial-grade Ethernet switches used to connect networked industrial components. This product line provides a Web interface to manage the switch configuration.

SCALANCE X sees use in the agriculture and food, critical manufacturing, government facilities, dams, transportation systems, water, chemical, defense industrial base, energy, and communications sectors.

The user privileges for the Web interface are enforced on the client side and not properly verified on the server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. CVE-2013-3633 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.0.

The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands via Port 161/UDP without correct credentials. CVE-2013-3634 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit them.

Siemens provided a firmware update, SCALANCE X-200IRT V5.1.0, which fixes both vulnerabilities. If it is not possible to install the firmware update, a workaround for the SNMP vulnerability is to either disable SNMP or completely disable any read-write access.
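For asset owners, the affected-version list above can be turned into a quick inventory triage. The following is an added example, not code from Siemens or ICS-CERT; the `host,model,firmware` inventory format, the hostnames and the sample firmware strings are constructed assumptions.

```python
import re

# Affected models as listed in the article; all are fixed in firmware V5.1.0.
AFFECTED_MODELS = [
    "X204IRT", "X204IRT PRO", "X202-2IRT", "X202-2P IRT", "X202-2P IRT PRO",
    "X201-3P IRT", "X201-3P IRT PRO", "X200-4P IRT", "XF204IRT",
]
FIXED_VERSION = (5, 1, 0)

def normalize_model(name):
    """Upper-case, drop a leading 'SCALANCE' and remove all whitespace."""
    name = re.sub(r"^\s*SCALANCE\s+", "", name.strip(), flags=re.I)
    return re.sub(r"\s+", "", name).upper()

_AFFECTED = {normalize_model(m) for m in AFFECTED_MODELS}

def parse_version(text):
    """Turn 'V5.0.1' or '5.1' into a 3-tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory_csv):
    """Return {host: status} for lines of the form 'host,model,firmware'."""
    result = {}
    for line in inventory_csv.strip().splitlines():
        host, model, fw = [field.strip() for field in line.split(",")]
        version = parse_version(fw)
        if normalize_model(model) not in _AFFECTED:
            status = "not-listed"        # model is not in the article's list
        elif version is None:
            status = "check-manually"    # unknown firmware: do not assume safe
        elif version < FIXED_VERSION:
            status = "vulnerable"        # needs the V5.1.0 update
        else:
            status = "fixed"
        result[host] = status
    return result

# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = """
sw-line1, SCALANCE X204IRT, V5.0.1
sw-line2, Scalance X202-2P IRT PRO, V5.1.0
sw-line3, SCALANCE X201-3P IRT, unknown
sw-office, SCALANCE X208, V4.5
sw-line4, scalance xf204irt, 4.9
"""

print(triage(SAMPLE))
```

Devices reported as `vulnerable` or `check-manually` that cannot be updated are the candidates for the SNMP workaround described above.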


