Siemens Plugs SCALANCE S Hole

Tuesday, November 13, 2018 @ 08:11 PM gHale

Siemens has a new version available to mitigate a cross-site scripting (XSS) vulnerability in its SCALANCE S, according to a report with NCCIC.

If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). Nelson Berg of Applied Risk reported this vulnerability to Siemens.

RELATED STORIES
Siemens Fixes SIMATIC Panels, SIMATIC WinCC
Siemens Mitigates Hole in S7-400 CPUs
Siemens Clears Improper Access Control Hole
Roche Updates Point of Care Fix

Siemens reports the following SCALANCE S products suffer from the remotely exploitable vulnerability:
• SCALANCE S602: All versions prior to v4.0.1.1
• SCALANCE S612: All versions prior to v4.0.1.1
• SCALANCE S623: All versions prior to v4.0.1.1
• SCALANCE S627-2M: All versions prior to v4.0.1.1

In the vulnerability, the device could allow XSS attacks if unsuspecting users click a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

CVE-2018-16555 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.7.

The products see use in multiple sectors including the chemical, communications, critical manufacturing, dams, defense industrial base, energy, good and agriculture, government facilities, transportation systems, and water and wastewater systems. They also see action on a global basis.

No known public exploits specifically target this vulnerability. High skill level is needed to exploit.

Siemens said users should update to Version 4.0.1.1.

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk: Only access links from trusted sources in the browser you use to access the SCALANCE S administration website.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

Click here for additional information on Industrial Security by Siemens.

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-242982.



Leave a Reply

You must be logged in to post a comment.