Yesterday the DHS ICS-CERT published an advisory
for the Siemens SCALANCE X-200 switches concerning an authentication bypass
vulnerability that was apparently self-identified. This advisory had previously
been published on the US-CERT secure portal to allow owners an opportunity to
correct the vulnerability prior to public disclosure.
The Advisories
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to ‘perform administrative operations’
over the network.
The Siemens ProductCERT
advisory noted that this vulnerability had been corrected in earlier firmware
updates that were published to correct reported vulnerabilities in the X-200
and X-200IRT switch families. Both advisories recommend that any users who had
not previously upgraded do so now.
Federal Shutdown Communications
It appears that communications between Siemens and ICS-CERT
may have been adversely impacted by the current shutdown. The same day that
ICS-CERT published their initial advisory on the US-CERT secure portal, the
Siemens ProductCERT published their advisory on their open web page. I’m pretty
sure that if ICS-CERT had understood that Siemens was publishing their advisory
in an open forum then ICS-CERT would not have made their initial distribution
to just the limited number of folks with access to the US-CERT secure portal.