Siemens identified and fixed multiple vulnerabilities in Scalance X200 IRT, according to a report on ICS-CERT.
Exploitation of these remotely exploitable vulnerabilities could allow an attacker to execute privileged commands using an unprivileged account.
The following Siemens products suffer from the issue:
SCALANCE X204IRT versions < V5.1.0
SCALANCE X204IRT PRO versions < V5.1.0
SCALANCE X202-2IRT versions < V5.1.0
SCALANCE X202-2P IRT versions < V5.1.0
SCALANCE X202-2P IRT PRO versions < V5.1.0
SCALANCE X201-3P IRT versions < V5.1.0
SCALANCE X201-3P IRT PRO versions < V5.1.0
SCALANCE X200-4P IRT versions < V5.1.0
SCALANCE XF204IRT versions < V5.1.0
Successful exploitation of these vulnerabilities may result in an attacker executing privileged commands using an unprivileged account.
Munich, Germany-based Siemens develops products mainly in the energy, transportation, and healthcare sectors.
Scalance X switches connect industrial components like PLCs or HMIs. These switches have a Web interface that lets administrators change the configuration using a common Web browser.
The Scalance X200 IRT user privileges for the Web interface are verified on the client side but not on the server side. This could allow the attacker to execute privileged commands using an unprivileged account.
CVE-2013-3633 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.0.
The Scalance SNMPv3 implementation does not properly check user credentials. This could allow the attacker to execute privileged SNMP commands while only having unprivileged credentials.
CVE-2013-3634 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
No known public exploits specifically target these vulnerabilities, but an attacker with low skill would be able to exploit them.
Siemens created a software update, Scalance X-200IRT V5.1.0, that resolves these vulnerabilities. Siemens recommends asset owners and operators contact Siemens customer support to acquire the update.
Siemens said that if it is not possible to install the update, a workaround for CVE-2013-3634 is either to disable SNMP or to completely disable any read-write access.
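The client-side-only privilege check described for CVE-2013-3633, shown as an added example that is not from Siemens or the ICS-CERT report: a hypothetical management request handler that leaves role enforcement to the browser, next to one that enforces it on the server. All names, tokens and commands are constructed for illustration and do not reflect the switch firmware.

```python
# Added illustration; every name here is hypothetical, not Siemens firmware code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "admin" or "user"


# Server-side session store: token -> account (constructed sample data).
SESSIONS = {
    "tok-admin": Session("alice", "admin"),
    "tok-user": Session("bob", "user"),
}

# Minimum role each management command requires.
REQUIRED_ROLE = {"show_status": "user", "set_config": "admin", "reboot": "admin"}
ROLE_RANK = {"user": 0, "admin": 1}


def handle_client_trusting(request: dict) -> tuple[int, str]:
    """Flawed pattern: the session is authenticated, but the role is never
    checked because the browser UI is expected to hide privileged actions."""
    if request.get("token") not in SESSIONS:
        return 401, "not authenticated"
    if request.get("command") not in REQUIRED_ROLE:
        return 404, "unknown command"
    return 200, f"executed {request['command']}"


def handle_server_enforced(request: dict) -> tuple[int, str]:
    """Corrected pattern: the role is read from the server-side session and
    checked on every command; any role field sent by the client is ignored."""
    session = SESSIONS.get(request.get("token"))
    if session is None:
        return 401, "not authenticated"
    required = REQUIRED_ROLE.get(request.get("command"))
    if required is None:
        return 404, "unknown command"
    if ROLE_RANK[session.role] < ROLE_RANK[required]:
        return 403, f"{session.user} lacks role {required}"
    return 200, f"executed {request['command']}"
```

The same request from an unprivileged session returns 200 from the first handler and 403 from the second, which is the difference the V5.1.0 update is described as addressing.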