The German industrial conglomerate Siemens AG released numerous patches for various vulnerabilities. The most glaring of these was a cross-site scripting vulnerability that affected Siemens’ SCALANCE firewall variants S602, S612, S623, and S627-2. The flaw was uncovered by researchers at Applied Risk, who had this to say in their report:
The integrated web server allows a Cross-Site Scripting (XSS) attack if an administrator is misled into accessing a malicious link. User interaction is required for a successful exploitation. The administrator must be logged into the web interface in order for the exploitation to succeed. Successful exploitation may lead to the ability to bypass critical security measures provided by the firewall.
The other vulnerabilities vary in danger, but some are highly critical, with high Common Vulnerability Scoring System (CVSS) scores. All of them are detailed in the various advisories on the ICS-CERT website. One standout is CVE-2018-16556, which the ICS-CERT advisory describes as a serious Improper Input Validation vulnerability that earns a CVSS rating of 8.2 (severe). The vulnerability affects Siemens S7-400 CPUs in that, in the advisory’s wording, “successful exploitation of these vulnerabilities could crash the device being accessed which may require a manual reboot or firmware re-image to bring the system back to normal operation.”
Another notable vulnerability patched is CVE-2018-4858, which, according to the ICS-CERT advisory, holds a lower CVSS rating of 4.2. Don’t be fooled by the lower rating, however, as this vulnerability is still dangerous. If exploited successfully, CVE-2018-4858 allows “a remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions.” Considering that Siemens creates products for industries like chemical, critical manufacturing, and energy, one can only imagine the level of damage that could be done with the right target and use of this vulnerability.
That point can be made for any of these vulnerabilities. It was vital for Siemens to create these patches, and it is strongly encouraged that users of the affected technologies implement the patches as soon as possible.