Siemens reported to ICS-CERT an incorrect certificate verification vulnerability in RuggedCom ROX-based devices.
Siemens is working on a firmware update for the remotely exploitable vulnerability.
The following Siemens RuggedCom ROX-based devices suffer from the issue:
• ROX version 1.16, and
• ROX version 2.2 through 2.5
RuggedCom ROX-based devices use GnuTLS for client certificate verification. Because GnuTLS handles errors incorrectly within this function, an attacker would be able to perform man-in-the-middle attacks.
Munich, Germany-based Siemens has offices all over the world. It develops products mainly for the energy, healthcare and public health, and transportation systems sectors.
The affected products, RuggedCom switches and serial-to-Ethernet devices, connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.
ROX-based RuggedCom devices use GnuTLS libraries to enable secure communication. GnuTLS suffers from incorrect error handling in certificate verification, which could allow man-in-the-middle attacks, and this may affect multiple services in these devices.
The following client-side services use GnuTLS libraries:
• Secure Syslog (only affects ROX Version 1.16)
• Software upgrades with HTTPS-based connections. Nonsecure connections do not have the issue. (Only affects ROX Versions 2.4 and 2.5)
• FTPS (only affects ROX versions from v2.2 through v2.5 inclusive)
CVE-2014-0092 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.8.
No known public exploits specifically target this vulnerability, but an attacker with moderate skill would be able to exploit it.
Siemens is working on a firmware update to resolve this vulnerability. In the meantime, Siemens recommends using alternate services (e.g., SFTP) to secure communication. In cases where these alternative services are not viable, Siemens recommends ensuring data transfers only over trusted networks.
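The advisory attributes the issue to incorrect error handling in certificate verification. The C example below is added here as an illustration of that class of bug and its fail-closed correction; it is not GnuTLS or ROX code, and every type, function name and certificate value in it is hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified certificate record (not a GnuTLS type). */
struct cert {
    const char *subject;
    const char *issuer;   /* NULL models a field that failed to parse */
    int is_ca;
};

#define ERR_PARSE (-1)    /* hypothetical negative error code */

/* Returns 1 if `ca` issued `c`, 0 if it did not, negative on error. */
static int check_issuer(const struct cert *c, const struct cert *ca)
{
    if (c->issuer == NULL)
        return ERR_PARSE;
    return ca->is_ca && strcmp(c->issuer, ca->subject) == 0;
}

/* Flawed caller: uses the tri-state result as a boolean, so the
 * negative error code counts as "true" and the peer is trusted. */
int verify_flawed(const struct cert *c, const struct cert *ca)
{
    return check_issuer(c, ca) ? 1 : 0;
}

/* Corrected caller: fails closed; only an explicit 1 means trusted. */
int verify_fixed(const struct cert *c, const struct cert *ca)
{
    int rc = check_issuer(c, ca);
    if (rc < 0)
        return 0;         /* an error during verification must reject */
    return rc == 1;
}

/* Constructed sample certificates. */
static const struct cert CA        = { "Example Root CA", "Example Root CA", 1 };
static const struct cert GOOD      = { "syslog.example", "Example Root CA", 0 };
static const struct cert WRONG     = { "syslog.example", "Other CA", 0 };
static const struct cert MALFORMED = { "syslog.example", NULL, 0 };

int main(void)
{
    printf("good:      flawed=%d fixed=%d\n", verify_flawed(&GOOD, &CA), verify_fixed(&GOOD, &CA));
    printf("wrong CA:  flawed=%d fixed=%d\n", verify_flawed(&WRONG, &CA), verify_fixed(&WRONG, &CA));
    printf("malformed: flawed=%d fixed=%d\n", verify_flawed(&MALFORMED, &CA), verify_fixed(&MALFORMED, &CA));
    return 0;
}
```

Both callers agree on well-formed certificates; they differ only on the error path, which is why this kind of flaw can go unnoticed in ordinary interoperability testing.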
Siemens recommends the following for the affected services:
• Secure Syslog: Siemens recommends placing the syslog server inside the trusted network boundary until a corrected update is available.
• Software upgrade: When updating devices running the affected ROX versions, the identity of the update server is not verifiable. Siemens recommends placing the upgrade server inside the trusted network boundary.
• FTPS: Siemens recommends using SFTP for data transfer until a corrected update is available.
For more information, see Siemens advisory SSA-839231.