Siemens updated the mitigations it published for resource exhaustion and improper restriction of operations within the bounds of a memory buffer vulnerabilities in its SCALANCE W1750D, M800, and S615 products, according to a report with ICS-CERT.
Successful exploitation of these remotely exploitable vulnerabilities, which Siemens self-reported, could allow a remote attacker to crash the DNS service or execute arbitrary code by crafting malicious DNS responses.
The following versions of SCALANCE network interfaces suffer from the issues:
• SCALANCE W1750D: All versions
• SCALANCE M800/S615: All versions
An attacker can cause a crash of the DNSmasq process by sending specially-crafted request messages to the service.
An attacker with low skill level could leverage the vulnerabilities.
The following CVEs have been assigned to this group of vulnerabilities: CVE-2017-13704, CVE-2017-14495 and CVE-2017-14496. A CVSS v3 base score of 5.3 has been assigned.
In addition, an attacker can cause a crash or potentially execute arbitrary code by sending specially-crafted DNS responses to the DNSmasq process. In order to exploit this vulnerability, an attacker must be able to trigger DNS requests from the device, and must be in a position that allows the injection of malicious DNS responses.
CVE-2017-14491 has been assigned to this vulnerability, which has a CVSS v3 base score of 8.1.
The products see action in the chemical, energy, food and agriculture, healthcare and public health, transportation systems, and water and wastewater systems sectors. The products see use on a global basis.
Siemens said it is preparing updates for the affected products and recommends the following mitigations until patches are available:
• For SCALANCE W1750D: Users who do not use the “OpenDNS,” “Captive Portal,” or “URL redirection” functionalities can deploy firewall rules in the device configuration to block incoming access to Port 53/UDP.
• For SCALANCE M800/S615: Siemens recommends users install V5.0 of the software. Alternatively, users can disable DNS proxy in the device configuration (System – DNS – DNS Proxy – Disable Checkbox for Enable DNS Proxy) and configure the connected devices in the internal network to use a different DNS server.
• Apply Defense-in-Depth
Siemens also reports that SCALANCE W1750D devices operated in controller mode on an Aruba Mobility Controller are not affected if AOS versions newer than V126.96.36.199, V188.8.131.52, V184.108.40.206, V220.127.116.11, V18.104.22.168, or 22.214.171.124 are used.
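To confirm that either DNS mitigation above took effect (the Port 53/UDP firewall rule on the W1750D, or the disabled DNS proxy on the M800/S615), one ordinary query sent from the affected network segment is enough. The following is an added example, not part of the Siemens advisory; the function names, the query name and the result labels are assumptions made for illustration.

```python
import socket
import struct


def build_query(name: str, txid: int) -> bytes:
    """Encode a standard recursive A query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_reply(txid: int, reply: bytes) -> str:
    """Decide whether `reply` is a DNS response to the query with id `txid`."""
    if len(reply) < 12:  # shorter than a DNS header
        return "not-dns"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # id must match and QR bit must be set
        return "not-dns"
    return "dns-answering"


def probe(host: str, name: str = "example.com", port: int = 53,
          timeout: float = 2.0) -> str:
    """Send one query over UDP and report how the device's DNS port behaves."""
    txid = 0x5CA1  # constructed fixed id, adequate for a one-shot check
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket surfaces ICMP port-unreachable
        try:
            s.send(build_query(name, txid))
            return classify_reply(txid, s.recv(512))
        except socket.timeout:
            return "no-reply"  # dropped by a firewall rule, or host silent
        except ConnectionRefusedError:
            return "closed"  # nothing is listening on the port


if __name__ == "__main__":
    import sys
    # Usage: python check_dns.py <device-ip> [<device-ip> ...]
    for host in sys.argv[1:]:
        print(host, probe(host))
```

A result of `no-reply` or `closed` is what a mitigated device should show from that segment; `dns-answering` means the DNS service is still reachable and the rule or proxy setting needs another look.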