Siemens has a new version that mitigates an improper authentication vulnerability in its Desigo PXC, according to a report from ICS-CERT.
Successful exploitation of this remotely exploitable vulnerability, discovered by Can Demirel and Melih Berk Eksioglu from Biznet Bilisim, could allow unauthenticated attackers to upload malicious firmware.
The vulnerability affects the following versions of Desigo PXC:
• Desigo Automation Controllers Compact PXC12/22/36-E.D all versions prior to V6.00.204
• Desigo Automation Controllers Modular PXC00/50/100/200-E.D all versions prior to V6.00.204
• Desigo Automation Controllers PXC00/64/128-U with Web module all versions prior to V6.00.204
• Desigo Automation Controllers for Integration PXC001-E.D all versions prior to V6.00.204
• Desigo Operator Unit PXM20-E all versions prior to V6.00.204
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit it.
A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
CVE-2018-4834 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product is used mainly in the commercial facilities sector and is deployed on a global basis.
Siemens provided an updated version that fixes the vulnerability in the affected products and recommends users update to the newest version, V6.00.204, or a later version.
As a general security measure, Siemens recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.