02 February 2021
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM
Two related vulnerabilities with very high severity ratings – each has a CVSS 3.0 base score of 9.1 – have been identified in Siemens Scalance X network devices.
The first of the vulnerabilities, CVE-2020-28391 (Siemens internal ID SSA-274900), has to do with a hardcoded encryption key being used to protect network communications – but only in those cases where the device is used together with the C-PLUG memory module.
The C-PLUG (a registered Siemens trademark) memory module enables various network components to be quickly replaced without having to re-configure them. It is designed to store configuration parameters automatically and load those parameters automatically if a new communication component is installed. It also supports additional data storage functions. When a blank C-PLUG module is installed into a network component, the component’s configuration parameters are automatically stored in the C-PLUG module. Any changes to configuration settings are automatically registered in the C-PLUG module without having to perform any additional operations.
Although the memory module can be used in all SIMATICNET communication components that have a C-PLUG connector, the vulnerability affects only SCALANCE X-200 series switches (including SIPLUS NET modifications), SCALANCE X-200IRT switches (including SIPLUS NET modifications), and SCALANCE X-300 switches (including X408 and SIPLUS NET modifications). This means that the vulnerability is due to a sloppy device firmware implementation rather than any limitations of the C-PLUG technology. The mitigation measures recommended by the vendor are to manually update the device X.509 certificates for the former two series and to update device firmware to V4.1.0 or later on devices of the latter series. Details can be found in the SSA-274900 security advisory.
However, even if C-PLUG is not used with the vulnerable network components, it is a good idea to follow the vendor’s recommendations and update the certificates or device firmware. This is because such vulnerabilities in network devices can change the attack kill chain and the associated risk assessment. If all an attacker needs to do to change the encryption key to one known to them is just to perform a small physical manipulation, rather than having to completely compromise the device, gain access to the administrator account and reconfigure the device, in many cases this invalidates assessments of risks associated with a MitM attack.
The second vulnerability, CVE-2020-28395, which has the same internal Siemens ID SSA-274900, has to do with devices failing to generate a unique random key after factory reset and using hardcoded private encryption keys after reset. Conditions under which devices show such behavior are not disclosed. Perhaps this could happen after every hard reset. The list of affected devices is the same as for CVE-2020-28391. The vendor’s mitigation recommendations are the same as for CVE-2020-28391, that is, to update the self-signed device certificates and certificates that have the fingerprints specified by the vendor on SCALANCE X-200 and SCALANCE X-200IRT series devices and to update the firmware on SCALANCE X-300 series devices.
It should be noted that, as in the case of other MitM attacks based on certificate replacement, the success of this attack is largely determined not by the severity of the vulnerability (in this case, CVSS score of 9.1) but by the user’s awareness of the conditions under which such an attack is possible. If a user has configured their own certificate instead of the device’s self-signed certificate in accordance with the vendor’s recommendation, the user’s browser will still display alerts on the danger of an attack being carried out against the connection. The same alert would be displayed in the event of an actual MitM attack, which can only be detected by checking the certificate – something an overwhelming majority of users don’t do. Adding the certificate as trusted on the system connecting to the device is not part of the vendor’s recommendations.
It follows that an attack exploiting one of the above vulnerabilities is not particularly dangerous to technically savvy users, while all others are prone to MitM attacks in any case. The presence of a vulnerability and its high severity rating contribute little to the significance of the threat. Vendors should make more of an emphasis on raising user awareness that certificates should not be added as trusted (and connections with untrusted certificates should not be allowed), unless a user is confident about what he or she is doing.
Vulnerability information publication date: January 12, 2021
Source: Siemens, Kaspersky ICS CERT