Siemens Mitigates SCALANCE Hole

Tuesday, March 12, 2019 @ 05:03 PM gHale

Siemens has a fix and workarounds to mitigate a vulnerability identified in SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled, according to a report on Siemens ProductCERT.

The monitor barrier implementation in various SCALANCE products allows traffic to be directed back into the mirroring network. This might allow an attacker to feed information back into the network that is being mirrored.


SCALANCE X switches are used to connect industrial components like Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs).

Affected products include:
• Scalance X-200, all versions
• Scalance X-300, all versions
• Scalance XP/XC/XF-200, all versions below V4.1

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availability of the traffic-generating network.

The vulnerability is tracked as CVE-2019-6569 and has a CVSS score of 5.4.
At the time of the advisory, no public exploitation of this security vulnerability was known.

For Scalance XP/XC/XF-200 switches running versions below V4.1, users can update to V4.1.

For Scalance X-200 and Scalance X-300, Siemens recommends the following specific workarounds and mitigations that customers can apply to reduce the risk: apply defense in depth principles, and in particular make sure that no devices that transmit data back into the mirroring network are operated within the mirrored network.
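As an added example (not code from Siemens or the advisory), the script below triages a switch inventory against the affected-product list and remediations above: XP/XC/XF-200 devices below V4.1 get an update recommendation, X-200 and X-300 devices get the workaround, and everything else is out of scope. The inventory rows and the mapping from model names like "XC208" or "X308-2" to the advisory's product families are constructed assumptions for the example.

```python
import re
from typing import Optional

FIXED_XP_XC_XF = (4, 1)  # Scalance XP/XC/XF-200: issue fixed in V4.1 per the advisory

def parse_version(version: str) -> tuple:
    """Turn a firmware string such as 'V4.0.1' or '4.1' into a comparable tuple of ints."""
    m = re.fullmatch(r"V?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def family(model: str) -> Optional[str]:
    """Map a model string to an advisory family (assumed naming: XC208 -> XP/XC/XF-200, X308-2 -> X-300)."""
    name = model.upper().replace("SCALANCE", "").strip()
    if re.match(r"X[PCF]-?2\d\d", name):
        return "XP/XC/XF-200"
    if re.match(r"X-?3\d\d", name):
        return "X-300"
    if re.match(r"X-?2\d\d", name):
        return "X-200"
    return None  # e.g. XB-200 is not named in this advisory

def triage(model: str, firmware: str, mirroring_enabled: bool) -> str:
    """Return the remediation verdict for one switch, following the advisory's affected list."""
    fam = family(model)
    if fam is None:
        return "not in scope of this advisory"
    if fam == "XP/XC/XF-200":
        if parse_version(firmware) >= FIXED_XP_XC_XF:
            return "fixed firmware (V4.1 or later)"
        action = "update to V4.1"
    else:  # X-200 and X-300: all versions affected, only the workaround is available
        action = "apply workaround: operate no device in the mirrored network that transmits back into the mirroring network"
    exposure = "mirror port in use" if mirroring_enabled else "mirror port not in use"
    return f"affected ({fam}); {exposure}; {action}"

# Constructed sample inventory: (hostname, model, firmware, port mirroring enabled?)
SAMPLE_INVENTORY = [
    ("sw-cell1", "SCALANCE XC208", "V4.0.1", True),
    ("sw-cell2", "SCALANCE XF204", "V4.1", True),
    ("sw-ring", "SCALANCE X308-2", "V4.1.3", False),
    ("sw-plc", "SCALANCE X208", "V5.2.4", True),
    ("sw-office", "SCALANCE XB208", "V4.0", False),
]

if __name__ == "__main__":
    for host, model, fw, mirror in SAMPLE_INVENTORY:
        print(f"{host:10} {model:18} {fw:8} {triage(model, fw, mirror)}")
```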

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security.

Siemens provides additional information on Industrial Security on its website.
