Siemens has an upgrade available to mitigate multiple vulnerabilities in its SCALANCE W1750D, according to an NCCIC report.
The remotely exploitable vulnerabilities include a command injection, information exposure, and cross-site scripting.
Successful exploitation of these vulnerabilities, which Siemens self-reported, could allow an attacker to execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session.
All versions of the W1750D, a direct access point, prior to 22.214.171.124 are vulnerable.
In one vulnerability, an unauthenticated user with access to the web interface can execute arbitrary system commands within the underlying operating system, which may allow the attacker to copy files, read configuration, write files, delete files, or reboot the device.
CVE-2018-7084 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
In addition, an unauthenticated attacker can access core dumps of previously crashed processes through the web interface of the device, which may allow disclosure of sensitive information.
CVE-2018-7083 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
Also, an unauthenticated user may retrieve recently cached configuration commands by sending a crafted URL to the web interface of an affected device, which may allow disclosure of sensitive information.
CVE-2018-16417 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
In another issue, an authenticated administrative user can execute arbitrary commands on the underlying operating system.
CVE-2018-7082 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.
In addition, if an attacker can trick an administrator into clicking a link, they could then take administrative actions on the device or expose a session cookie for an administrative session.
CVE-2018-7064 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.4.
The product sees use in the chemical, energy, food and agriculture, healthcare and public health, transportation systems, and water and wastewater systems sectors. It is deployed worldwide.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
Siemens recommends users upgrade to Version 126.96.36.199 or later.
Siemens identified the following specific workarounds and mitigations that users can apply:
• Restrict access to the web-based management interface to the internal or VPN network
• Do not browse other websites and do not click on external links while authenticated to the administrative web interface
• Apply appropriate strategies for mitigation
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.
For more information on these vulnerabilities and associated software updates, see Siemens security advisory SSA-549547.