Siemens Updates Switch Vulnerabilities

Tuesday, January 20, 2015 @ 06:01 PM gHale


Siemens created a firmware update that mitigates denial-of-service (DoS) vulnerabilities in the SCALANCE X-300/X408 switch family, according to a report on ICS-CERT.

These remotely exploitable vulnerabilities were reported directly to Siemens by Déjà vu Security.

The following Siemens SCALANCE switches suffer from the issue:
• SCALANCE X-300 switch family: All versions prior to V4.0
• SCALANCE X408: All versions prior to V4.0

Alternatively, users may be able to identify the affected products by using their machine-readable product designation (MLFB). A full list of the affected MLFBs is in Siemens Security Advisory SSA-321046.

Exploitation of these vulnerabilities may cause the target device to reboot. No packets are forwarded to connected devices until the reboot completes.

Siemens is an international company headquartered in Munich, Germany.

SCALANCE-X switches connect industrial components like PLCs or HMIs. The switches offer a web interface that lets users change the configuration using a common web browser, as well as an FTP server to download and upload configuration and firmware files. According to Siemens, these devices are deployed across most sectors including chemical, communications, critical manufacturing, dams, defense industrial base, energy, food and agriculture, government facilities, transportation systems, and water and wastewater systems. Siemens said these products see use globally.

The web server of the affected switches could allow unauthenticated users to cause a device to reboot if malformed HTTP requests are sent to the web server (Port 80/TCP or Port 443/TCP). To achieve this, an attacker must be able to reach the HTTP interface over the network. No packets are forwarded to connected devices until the reboot completes.

CVE-2014-8478 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

The FTP server of the affected switches could allow authenticated users to cause a device reboot if specially crafted network packets are sent to the FTP server (Port 21/TCP). No packets are forwarded to connected devices until the reboot completes.

CVE-2014-8479 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

No known public exploits specifically target these vulnerabilities. An attacker with low skill would be able to exploit these vulnerabilities.

Siemens provides firmware update V4.0, which fixes the vulnerabilities, and recommends updating as soon as possible.
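As an added example (not code from Siemens, ICS-CERT or the original article), the following script triages an asset inventory against the details above: it flags SCALANCE X-300/X408 switches running firmware prior to V4.0 and notes which of the two CVEs is reachable based on the open service ports. The inventory columns, host names and model-matching pattern are assumptions; the MLFB list in SSA-321046 remains the authoritative way to identify affected products.

```python
import csv
import io
import re

# Constructed sample inventory (not real devices); the column names are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,open_tcp_ports
sw-line1,SCALANCE X308-2,V3.7.2,21;80;443
sw-line2,SCALANCE X408-2,V4.0,21;80
sw-pack1,SCALANCE X-300,3.10.1,443
sw-lab1,SCALANCE X204-2,V3.5,80
sw-tank1,SCALANCE X408-2,V3.9,22
"""

FIXED = (4, 0)  # per the article: all versions prior to V4.0 are affected
# Service ports the article names for each CVE.
CVE_PORTS = {"CVE-2014-8478": {80, 443}, "CVE-2014-8479": {21}}
# Assumption: X-300 family members appear as "X3xx" or "X-300" in the inventory;
# the MLFB list in SSA-321046 is the authoritative identifier.
MODEL_RE = re.compile(r"SCALANCE\s+X(-300\b|3\d\d|408)", re.I)


def parse_version(text):
    """Turn 'V3.7.2' or '3.10.1' into a tuple of ints, padded to major.minor."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(n) for n in nums) + (0,) * max(0, 2 - len(nums))


def triage(inventory_csv):
    """Return {host: [CVE ids reachable on open ports]} for affected switches."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not MODEL_RE.search(row["model"]):
            continue  # not an X-300/X408 device
        if parse_version(row["firmware"]) >= FIXED:
            continue  # already on V4.0 or later
        ports = {int(p) for p in row["open_tcp_ports"].split(";") if p}
        findings[row["host"]] = sorted(
            cve for cve, svc in CVE_PORTS.items() if ports & svc
        )
    return findings


if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "needs V4.0; exposed:", ", ".join(cves) or "no listed service port open")
```

A host with an empty CVE list still runs affected firmware; it only means none of the ports named in the advisory were recorded as open in the inventory.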

Siemens also recommends protecting network access to all products except for perimeter devices with appropriate mechanisms. Siemens advises users to follow recommended security practices and to configure the environment according to its operational guidelines in order to run the devices in a protected IT environment.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-321046.


