Dangerous vulnerabilities in Siemens industrial solutions

Siemens has reported dangerous vulnerabilities in several of its industrial solutions.

The most dangerous of the vulnerabilities (CVSS v.3 base score of 9.1) is CVE-2018-13799, which affects SIMATIC WinCC OA HMI system. The vulnerability has to do with improper access control and could allow a remote attacker with network access to port 5678/TCP to escalate its privileges in the context of SIMATIC WinCC OA V3.14. The issue affects all versions of the software up to 3.14 (inclusive). It was fixed in SIMATIC WinCC OA V3.14-P021. The relevant update is available on the vendor’s website.

SCALANCE X switches are affected by CVE-2018-13807, which is a denial-of-service issue caused by improper input validation. Successful exploitation of the vulnerability by sending specially crafted packets to an affected device’s integrated web server could cause the device to malfunction. The flaw has been assigned CVSS v.3 base score of 8.6. It affects the following devices: SCALANCE X300 (all versions prior to 4.0.0), Х408 (all versions prior to 4.0.0) and Х414 (all versions). The issue has been fixed in SCALANCE X300 v4.1.2 and SCALANCE X408 v4.1.2.

TD Keypad Designer, a utility for creating custom faceplates for Text Display devices, is is affected by CVE-2018-13806, an “uncontrolled search path element” type vulnerability. It could allow a local low-privileged attacker to execute arbitrary code in the system with the current user’s privileges. To exploit the vulnerability, the attacker must have write access to the directory containing the TD project file. The vulnerability affects all versions of the product.

In 2012, TD Keypad Designer was discontinued and replaced  with KTP Basic with the Express Design option. However, to reduce the risk of the vulnerability being exploited, it is recommended that users of TD Keypad Designer should restrict write permissions to directories with TD project files and only open TD projects from trusted sources.

Source: Siemens