On September 11th, Siemens officially issued a notice fixing security vulnerabilities of varying severity across several of its products. The affected products include SIMATIC WinCC OA, SCALANCE X switches and others.
SIMATIC WinCC OA
CVE-2018-13799, a vulnerability affecting SIMATIC WinCC OA, is caused by improper access control on port 5678/TCP. Successful exploitation could allow an unauthenticated remote attacker to escalate privileges in the SIMATIC WinCC OA environment.
CVSS v3.0 Base Score 9.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected versions:
- SIMATIC WinCC OA Version <= 3.14
Fixed version:
- SIMATIC WinCC OA Version 3.14-P021
The official patch has been released by Siemens to fix the above vulnerability and is available at the link.
Siemens also recommends the following manual mitigation measures to reduce risk:
- Follow the steps in this link to manually fix the vulnerability.
- Follow the SIMATIC WinCC OA Safety Guide to maintain a secure SIMATIC WinCC OA environment.
- Apply defence in depth.
For more information, please refer to the Siemens Security Advisory SSA-346256.
SCALANCE X switch
CVE-2018-13807, a vulnerability affecting multiple versions of SCALANCE X switches, may allow an attacker to cause a denial of service by sending a specially crafted packet to the web server. The packet makes the device restart automatically, which affects the network availability of other devices. An attacker must have network access to port 443/TCP to exploit this vulnerability. Exploitation requires neither valid credentials nor interaction with legitimate users.
CVSS v3.0 Base Score 8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected versions:
- SCALANCE X300 Version < 4.0.0
- SCALANCE X408 Version < 4.0.0
- SCALANCE X414 all versions
Fixed versions:
- SCALANCE X300 Version 4.1.2
- SCALANCE X408 Version 4.1.2
- See the solution for SCALANCE X414
Siemens provides updates for the SCALANCE X300 and SCALANCE X408, and mitigation measures for the SCALANCE X414.
SCALANCE X300: Update to version 4.1.2
SCALANCE X408: Update to version 4.1.2
Siemens has determined that users can apply the following solutions and mitigation measures to reduce risk:
- Use appropriate mechanisms to protect network access to the integrated web server on port 443/TCP.
- Limit network access to port 443/TCP to trusted IP addresses, and avoid running vulnerability scanning tools from a trusted IP address against the affected device.