Siemens mitigated a missing authentication vulnerability in its OZW672 and OZW772 devices, according to a report with ICS-CERT.
Successful exploitation of this vulnerability could allow attackers to read and write historical measurement data under certain conditions, or to read and modify data in TLS sessions.
Siemens said the remotely exploitable vulnerability, which Stefan Viehböck from SEC Consult reported directy to the company, affects the following OZW672 and OZW772 devices for monitoring building controller devices:
• OZW672: All versions
• OZW772: All versions
In terms of the missing authentication vulnerability, an attacker with access to Port 21/TCP could access or alter historical measurement data stored on the device.
CVE-2017-6872 is the case number for the vulnerability, which has a CVSS v3 base score of 6.5.
In another case of a missing authentication issue, a vulnerability in the integrated web server on Port 443/TCP could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MitM) attack.
CVE-2017-6873 is the case number for the vulnerability, which has a CVSS v3 base score of 7.4.
The devices see action mainly in the commercial facilities sector and see use on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level would be able to leverage the issue.
Siemens recommended applying the following mitigations:
• Protect network access to the affected devices
• Disable integrated service on Port 21/TCP in the device settings by changing the value of “ACS access” under “Settings > Communication > Services to “Off”. Applying this configuration change mitigates CVE-2017-6872 entirely
• Use the web portal as described in the product documentation for all applications; Connections to the web portal are not affected by CVE-2017-6873.
• If use of web portal is not possible, then use the integrated web server only in trusted networks.
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-563539.