Security restrictions bypass in Siemens products

#VU10886 Security restrictions bypass in Siemens products

Published: 2018-03-09

Vulnerability identifier: #VU10886

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4839

CWE-ID: CWE-326

Exploitation vector: Network

Exploit availability: No

Vendor: Siemens

Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to inadequate encryption strength. A remote attacker with local access to the engineering system or in a privileged network position can capture certain network traffic, and possibly reconstruct access authorization passwords.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Siprotec Compact: All versions

SIPROTEC 4: All versions

SIPROTEC Compact 7SK80: All versions

SIPROTEC Compact 7SJ80: All versions

SIPROTEC 4 7SJ66: All versions

EN100 Ethernet module IEC 104 variant: All versions

EN100 Ethernet module DNP3 TCP variant: All versions

EN100 Ethernet module Modbus TCP variant: All versions

EN100 Ethernet module PROFINET IO variant: All versions

EN100 Ethernet module IEC 61850 variant: All versions

DIGSI 4: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module