Today the DHS ICS-CERT published an alert concerning two vulnerabilities in the Siemens Scalance switch family. Siemens ProductCERT self-reported these two vulnerabilities. The vulnerabilities are:
• Privilege escalation vulnerability - CVE-2013-3633; and
• Input validation vulnerability - CVE-2013-3634
NOTE: Since these vulnerabilities were reported to the US-CERT National Vulnerability Database last Friday, the CVE links above are already active. The long weekend is the apparent reason for the delay in the ICS-CERT Advisory.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit these vulnerabilities to execute arbitrary commands or execute a denial of service attack. Siemens notes that the attacker must have network access to exploit both vulnerabilities and specific device access for the second.
The advisory notes that Siemens has provided a firmware update for the affected devices that mitigates both vulnerabilities. Siemens also notes (pg 2 of Siemens Advisory) that for the second vulnerability there is an additional workaround available to mitigate the vulnerability; the device owner can “either disable SNMP or to completely disable any read-write access”.