Siemens created a software update to fix multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT, according to a report on ICS-CERT.
Siemens tested the software update to validate that it resolves the remotely exploitable vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system.
Firmware Version V4.5.4 and earlier suffer from the issue for the following Siemens Scalance W-7xx product family supporting IEEE 802.11a/b/g:
• SCALANCE W744-1, W746-1, W747-1
• SCALANCE W744-1PRO, W746-1PRO, W747-1RR
• SCALANCE W784-1, W784-1RR
• SCALANCE W786-1PRO, W786-2PRO, W786-3PRO, W786-2RR
• SCALANCE W788-1PRO, W788-2PRO, W788-1RR, W788-2RR
The affected products may end up identified by using their MLFB. Products with the following MLFBs suffer from the issue (“x” represents a wild-card symbol):
• 6GK5 7xx-xAxx0-xAx0
• 6GK5 7xx-xBxx0-xAx0
• 6GK5 746-1AA60-4BA0
Siemens is a multinational company headquartered in Munich, Germany. The affected products, Siemens Scalance W7xx product family, are wireless communication devices that are for noncritical communication and process-critical data. Siemens develops products mainly in the energy, transportation, and healthcare sectors. The devices see use where users require mobility of machines and parts, or cable installation is not practical.
The Siemens Scalance W-7xx product family uses a hard-coded SSL certificate for secure communication with the management Web interface (HTTPS). It is not possible to change this certificate using the management Web interfaces. This could allow the attacker to perform man in-the-middle attacks.
CVE-2013-4651 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.6.
The Siemens Scalance W-7xx product family has implemented a command-line based management interface that contains a vulnerability allowing attackers to gain complete system access over the network without authentication. This affects protocols SSH (Port 22/TCP) and telnet (Port 23/TCP).
CVE-2013-4652 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.
No known public exploits specifically target these vulnerabilities and an attacker with a low to high skill would be able to exploit these vulnerabilities.
Siemens produced a software update that resolves these vulnerabilities. The update applies to all versions of Scalance. Siemens recommends asset owners and operators contact Siemens customer support to acquire the update.
Click here for Siemens update information.
Click here for Siemens security advisory.