Today the DHS ICS-CERT published two control system advisories for products from Siemens. Both advisories are related to system communications services. The affected products are Ruggedcom WIN devices and SCALANCE-X switches.
The first advisory describes multiple vulnerabilities in Ruggedcom WIN devices. The vulnerabilities were reported by IOActive in a coordinated disclosure. Siemens has produced firmware updates that mitigate these vulnerabilities, but there is no indication that IOActive has confirmed the efficacy of those updates.
The vulnerabilities are:
● Improper authentication - CVE-2015-1448;
● Buffer overflow - CVE-2015-1449; and
● Storing passwords in a recoverable format - CVE-2015-1357.
ICS-CERT reports that a relatively unskilled attacker with network access to the devices could exploit these vulnerabilities to perform administrative actions over the network or execute arbitrary code. The Siemens advisory notes that an attacker must be able to access the log files to exploit the third vulnerability.
The second advisory describes an apparently self-reported user impersonation vulnerability in the SCALANCE X-200IRT Switch Family. Siemens has developed a firmware update that mitigates the vulnerability.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to impersonate a legitimate user on the system. The Siemens advisory notes that a successful exploit requires network access while a legitimate user is signed into the switches’ web interface.
NOTE: It is taking much less time for the CVE links in the ICS-CERT advisories to point to active pages. It used to take a day or two (business days). The CVEs in both advisories were active this evening. That may be because they were originated yesterday. Still, it is nice to see live links being provided instead of early links.