19 June 2018
Dangerous vulnerabilities fixed in Siemens routers and switches
Siemens has published several advisories on vulnerabilities identified and closed in its solutions.
- RFID 181-EIP and SIMATIC RF182C modules;
- RUGGEDCOM WiMAX wireless WAN devices: versions 4.4 and 4.5;
- SCALANCE X-200 switches: all versions prior to 5.2.3;
- SCALANCE X-200 IRT switches: all versions prior to 5.4.1;
- SCALANCE X-204RNA access points
- SCALANCE X-300, SCALANCE X408 and SCALANCE X414 switches.
The security issue identified could allow non-privileged remote attackers located in the same local network segment to execute arbitrary code on affected products by sending a specially crafted DHCP response to a client’s DHCP request.
To fix the vulnerability in SCALANCE X-200 and X-200 IRT, updating the firmware of these devices to versions 5.2.3 and 5.4.1, respectively, is recommended. For the remaining products, the vendor recommends using static IP addresses instead of DHCP.
Additionally, two XSS vulnerabilities, CVE-2018-4842 and CVE-2018-4848, have been fixed in SCALANCE X switches. These vulnerabilities were found in the built-in configuration web server. The following switch models are affected:
- SCALANCE X-200 – all versions prior to 5.2.3 (affected by CVE-2018-4842 only);
- SCALANCE X-200 IRT – all versions prior to 5.4.1;
- SCALANCE X300.
Successful exploitation of CVE-2018-4848 is only possible if the user clicks on a special link while being logged in. And to exploit CVE-2018-4842, an attacker needs to be able to log into the administrative web application.
In addition to the above flaws, six vulnerabilities, three of them dangerous, have been identified in SCALANCE M875 industrial routers. These vulnerabilities include arbitrary code execution (CVE-2018-4859 and CVE-2018-4860), XSS (CVE-2018-11448) and cross-site request forgery (CVE-2018-11447).
These vulnerabilities were fixed in the new router model, SCALANCE M876-4.