Siemens Fixes SCALANCE Hole

Wednesday, February 4, 2015 @ 01:02 PM gHale

Siemens created an update that mitigates a user impersonation vulnerability in its SCALANCE X-200IRT Switch Family, according to a report on ICS-CERT.

The SCALANCE X-200IRT switch family, all versions prior to V5.2.0, suffers from the remotely exploitable vulnerability.

This vulnerability could allow an attacker to impersonate legitimate users of the web interface.

Siemens is a multinational company headquartered in Munich, Germany.

SCALANCE-X switches connect industrial components like PLCs or HMIs. The switches offer a web interface that lets users change the configuration from a common web browser, as well as an FTP server to download and upload configuration and firmware files. According to Siemens, these devices are deployed across most sectors including chemical, communications, critical manufacturing, dams, defense industrial base, energy, food and agriculture, government facilities, transportation systems, and water and wastewater systems. Siemens estimates these products see use worldwide.

The device’s web server could allow unauthenticated attackers to impersonate legitimate users of the web interface (Port 80/TCP and Port 443/TCP) if an active web session of an authenticated user exists at the time of attack.

CVE-2015-1049 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

No known public exploits specifically target this vulnerability. An attacker with medium skill would be able to exploit this vulnerability.

Siemens provides firmware update V5.2.0, which fixes the vulnerability, and recommends updating as soon as possible.

Siemens recommends protecting network access to the web interface of SCALANCE X-200IRT switches with appropriate mechanisms. Users should follow recommended security practices and configure the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment.
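One way to apply this guidance to an asset inventory, as an added example that is not from Siemens, ICS-CERT or the original article: it flags X-200IRT entries with firmware earlier than V5.2.0 and lists those with the web interface ports (80/443) reachable first. The CSV layout, hostnames and sample rows are constructed, and the firmware string format is an assumption.

```python
import csv
import io
import re

FIXED = (5, 2, 0)       # first fixed firmware per the advisory text (V5.2.0)
WEB_PORTS = {80, 443}   # web interface ports named in the advisory text

# Constructed sample inventory; hostnames, column names and values are made up.
SAMPLE_INVENTORY = """\
host,family,firmware,open_tcp_ports
sw-line1,SCALANCE X-200IRT,V5.1.2,80;443;21
sw-line2,SCALANCE X-200IRT,V5.2.0,443
sw-pack1,SCALANCE X-200IRT,v4.5,
sw-core1,OTHER-SWITCH,V3.0.0,80
sw-lab1,SCALANCE X-200IRT,unknown,80
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = re.fullmatch(r"\s*[Vv]?\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory_csv):
    """Return (host, status, web_reachable) for X-200IRT devices only."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "X-200IRT" not in row["family"]:
            continue
        version = parse_version(row["firmware"])
        if version is None:
            status = "unknown-version"   # needs a manual check on the device
        elif version < FIXED:
            status = "affected"
        else:
            status = "fixed"
        ports = {int(p) for p in row["open_tcp_ports"].split(";") if p}
        results.append((row["host"], status, bool(ports & WEB_PORTS)))
    # Unfixed devices with a reachable web interface come first.
    results.sort(key=lambda r: (r[1] == "fixed", not r[2], r[0]))
    return results

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status:16} web_reachable={exposed}")
```

Devices reported as `unknown-version` are deliberately ranked with the affected ones so they are not silently skipped.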

For more information on this vulnerability and detailed instructions, see Siemens Security Advisory SSA-954136.
