Siemens has a mitigation plan in place to handle an improper input validation in its SCALANCE X Switches, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow an attacker with network access to the device to cause a denial-of-service condition. Public exploits are available. In addition, an attacker with low skill level could leverage the vulnerability.
The following versions of SCALANCE X Switches, which are used to connect industrial components like programmable logic controllers (PLCs) or human machine interfaces (HMIs), are affected:
• SCALANCE X300: All versions prior to 4.0.0
• SCALANCE X408: All versions prior to 4.0.0
• SCALANCE X414: All versions
In the vulnerability, the web interface on Port 443/TCP could allow an attacker to cause a denial-of-service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices.
An attacker must have network access to Port 443/TCP to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user are required to exploit the vulnerability. There is no confidentiality or integrity impact, availability is only temporarily impacted.
This vulnerability could be exploited by publicly available tools.
CVE-2018-13807 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
The product sees use in the chemical, energy, food and agriculture, and water and wastewater systems sectors. The product sees action on a global basis.
Siemens provides updates for SCALANCE X300, and SCALANCE X408, and provides mitigations for the SCALANCE X414.
• SCALANCE X300: Update to Version 4.1.2
• SCALANCE X408: Update to Version 4.1.2
• SCALANCE X424: Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:
1. Protect network access to the integrated web server on Port 443/TCP with appropriate mechanisms.
2. Restrict network access to Port 443/TCP to trusted IP addresses, and avoid running vulnerability scanning tools from trusted IP addresses on affected devices.
As a general security measure, Siemens recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security, and to follow the recommendations in the product manuals.
Click here for additional information on industrial security by Siemens.
For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-447396.