Siemens Clears ROX II Vulnerabilities

Wednesday, October 10, 2018 @ 01:10 PM gHale

Siemens has a new version to mitigate improper privilege management vulnerabilities in its ROX II, according to an NCCIC report.

Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and execute arbitrary commands.

ROX II: All versions prior to v2.12.1 suffer from the remotely exploitable vulnerability, which Siemens self-reported.

In the vulnerability, an attacker with network access to Port 22/TCP and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges.

CVE-2018-13801 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

In addition, an authenticated attacker with access to a high-privileged user account via the SSH interface on Port 22/TCP could circumvent restrictions and execute arbitrary operating system commands.

CVE-2018-13802 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.

The product sees use in the energy, healthcare and public health, and transportation systems sectors. It is deployed worldwide.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens recommends users update to the new version (v2.12.1) as soon as possible.

To reduce risk, Siemens recommends that administrators restrict network access to prevent potential attackers from accessing Port 22/TCP, if possible.
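
An inventory triage applying the two recommendations above (update to v2.12.1, limit who can reach Port 22/TCP), as an added example that is not from Siemens or the original article. The inventory records, field names, status labels and management network are constructed assumptions.

```python
import ipaddress
import re

FIXED = (2, 12, 1)  # first fixed ROX II version, per the advisory

# Constructed sample inventory: hostnames, version strings and the source
# networks allowed to reach 22/TCP are made up for illustration.
INVENTORY = [
    {"host": "rox-sub-01", "version": "v2.9.1", "ssh_sources": ["0.0.0.0/0"]},
    {"host": "rox-sub-02", "version": "2.11.3", "ssh_sources": ["10.20.0.0/28"]},
    {"host": "rox-sub-03", "version": "v2.12.1", "ssh_sources": ["0.0.0.0/0"]},
    {"host": "rox-sub-04", "version": "unknown", "ssh_sources": []},
]
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management range


def parse_version(text):
    """Return a numeric (major, minor, patch) tuple, or None if unparseable.

    Comparing tuples of ints avoids the string pitfall where "2.9.1"
    sorts after "2.12.1" and an affected device is reported as fixed.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())


def ssh_restricted(sources):
    """True when every network allowed to reach 22/TCP sits inside MGMT_NETS."""
    nets = [ipaddress.ip_network(s) for s in sources]
    return all(any(n.subnet_of(m) for m in MGMT_NETS) for n in nets)


def triage(device):
    version = parse_version(device["version"])
    if version is None:
        return "verify-version"        # cannot rule the device out
    if version >= FIXED:
        return "patched"
    if ssh_restricted(device["ssh_sources"]):
        return "update-scheduled"      # affected, 22/TCP already limited
    return "update-and-restrict-ssh"   # affected and 22/TCP widely reachable


def report(inventory=INVENTORY):
    return {d["host"]: triage(d) for d in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```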

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-493830.
