Siemens Beats the BEAST

Wednesday, April 9, 2014 @ 04:04 PM gHale

Siemens produced an update that mitigates a BEAST (Browser Exploit Against SSL/TLS) attack vulnerability in its Ruggedcom WIN products, according to a report on ICS-CERT.

This remotely exploitable vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners.

The following Siemens Ruggedcom WIN product lines suffer from the issue:
• WIN7000: all versions prior to v4.4,
• WIN7200: all versions prior to v4.4,
• WIN5100: all versions prior to v4.4, and
• WIN5200: all versions prior to v4.4.

An attacker who successfully exploits a system using this vulnerability may be able to access the session ID of the user’s current web session. If combined with a social engineering attack, the attacker may be able to read traffic exchanged between the user and the device.

Siemens is a multinational company headquartered in Munich, Germany. The Ruggedcom WIN product line is a family of products compliant with the WiMAX 802.16e Wave 2 mobile broadband wireless standard. The product family includes a variety of base stations and subscriber stations. Siemens estimates these products are used primarily in the United States and Europe, with a small percentage in Asia.

The SSL/TLS secured web interface of the affected products is vulnerable to the BEAST attack. Because it uses SSL libraries that are not compatible with 1/n-1 record splitting, some newer browser versions are not able to connect to the web interface.

CVE-2011-3389 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

No known public exploits specifically target this vulnerability. However, an attacker with a moderate skill level would be able to exploit this vulnerability.

Siemens has provided a firmware update (Ruggedcom WIN v4.4) that supports the mitigation technique and recommends that customers update to this version. The update does not fix the BEAST vulnerability itself. After the update, users can securely access the web interface with current browser versions, because the mitigation for the BEAST attack is in the browser code.
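The following sketch is an added example, not code from Siemens or from the advisory. It shows what 1/n-1 record splitting changes in a TLS 1.0 CBC sender: without it, the IV of the record carrying the data is the last ciphertext block already visible on the wire; with it, that IV comes from a 1-byte record produced in the same write. The Feistel construction standing in for the real block cipher, the keys and the messages are all constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # CBC block size in bytes

def _toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Stand-in for the real block cipher (assumption): 4-round Feistel using
    # HMAC-SHA256 as the round function. Illustration only, not a secure cipher.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

class Tls10CbcWriter:
    """Sending side of a TLS 1.0 CBC record layer (MAC, then pad, then encrypt)."""

    def __init__(self, enc_key: bytes, mac_key: bytes, iv: bytes, split: bool):
        self.enc_key, self.mac_key, self.split = enc_key, mac_key, split
        self.chain = iv  # TLS 1.0: next record's IV = last ciphertext block sent
        self.seq = 0

    def _record(self, data: bytes):
        header = b"\x17\x03\x01" + len(data).to_bytes(2, "big")  # app data, TLS 1.0
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + header + data,
                       hashlib.sha1).digest()
        self.seq += 1
        pad_len = -(len(data) + len(mac) + 1) % BLOCK
        plain = data + mac + bytes([pad_len]) * (pad_len + 1)
        iv_used, out = self.chain, b""
        for i in range(0, len(plain), BLOCK):
            x = bytes(a ^ b for a, b in zip(plain[i:i + BLOCK], self.chain))
            self.chain = _toy_encrypt_block(self.enc_key, x)
            out += self.chain
        return iv_used, out

    def write(self, data: bytes):
        # 1/n-1 splitting: one record with the first byte, one with the rest.
        parts = [data[:1], data[1:]] if self.split and len(data) > 1 else [data]
        return [self._record(p) for p in parts]

def demo(split: bool):
    """Return (bulk record IV was on the wire before the write, record sizes)."""
    w = Tls10CbcWriter(b"k" * 16, b"m" * 20, bytes(16), split)  # constructed keys
    w.write(b"GET / HTTP/1.1\r\n")            # earlier traffic (constructed)
    seen_on_wire = w.chain                    # what an observer already holds
    records = w.write(b"Cookie: session=CONSTRUCTED\r\n")
    bulk_iv, _ = records[-1]
    return bulk_iv == seen_on_wire, [len(ct) for _, ct in records]
```

`demo(False)` reports the bulk record's IV as already known and a single 64-byte record; `demo(True)` reports it as not known and shows the extra 32-byte record that the server-side SSL library has to accept.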

For more information on this vulnerability and detailed instructions, see Siemens Security Advisory SSA-353456.
