Siemens has a new version available to mitigate a cross-site scripting (XSS) vulnerability in its SCALANCE S, according to a report with NCCIC.
If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). Nelson Berg of Applied Risk reported this vulnerability to Siemens.
Siemens reports the following SCALANCE S products suffer from the remotely exploitable vulnerability:
• SCALANCE S602: All versions prior to v126.96.36.199
• SCALANCE S612: All versions prior to v188.8.131.52
• SCALANCE S623: All versions prior to v184.108.40.206
• SCALANCE S627-2M: All versions prior to v220.127.116.11
In the vulnerability, the device could allow XSS attacks if unsuspecting users click a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.
CVE-2018-16555 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.7.
The products see use in multiple sectors including the chemical, communications, critical manufacturing, dams, defense industrial base, energy, good and agriculture, government facilities, transportation systems, and water and wastewater systems. They also see action on a global basis.
No known public exploits specifically target this vulnerability. High skill level is needed to exploit.
Siemens said users should update to Version 18.104.22.168.
Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk: Only access links from trusted sources in the browser you use to access the SCALANCE S administration website.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.
Click here for additional information on Industrial Security by Siemens.
For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-242982.