Siemens Clears Data Manager Hole

Thursday, October 5, 2017 @ 04:10 PM gHale

Siemens released new firmware to mitigate a vulnerability, classed as an authentication bypass using an alternative path or channel, in its 7KT PAC1200 data manager, according to a report from ICS-CERT.

All versions of the 7KT PAC1200 data manager prior to V2.03 suffer from the remotely exploitable vulnerability, which was discovered by Maxim Rupp, who sent it directly to Siemens.

Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and perform administrative functions.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The vulnerability lies in the integrated web server (Port 80/TCP) of the affected devices, which could allow an unauthenticated remote attacker to perform administrative operations over the network.

CVE-2017-9944 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product mainly sees action in the energy sector on a global basis.

Siemens provides firmware Version V2.03 for the 7KT PAC1200 data manager (7KT1260) from the SENTRON portfolio, which fixes the vulnerability, and the company recommends users update to the new fixed version. The firmware update V2.0.3 for the 7KT PAC1200 data manager (7KT1260) from the SENTRON portfolio can be found on the Siemens web site.

As a general security measure, Siemens recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-971654.
