SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-323449607] Siemens OZW672 and OZW772

Date: 2017-07-06
Type: Other
Platform: Siemens
Author: Stefan Viehböck from SEC Consult reported these vulnerabilities to Siemens.
EDB-ID: N/A
CVE-ID: CVE-2017-6872, CVE-2017-6873
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Siemens OZW672 and OZW772
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
OZW672 and OZW772



### RESEARCHER
Stefan Viehböck from SEC Consult reported these vulnerabilities to Siemens.



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following OZW672 and OZW772 devices for monitoring building controller devices:

OZW672: All versions, and
OZW772: All versions.



### IMPACT

Successful exploitation of this vulnerability could allow attackers to read and write historical measurement data under certain conditions, or to read and modify data in TLS sessions.



### VULNERABILITY OVERVIEW

MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
An attacker with access to Port 21/TCP could access or alter historical measurement data stored on the device.
CVE-2017-6872 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)


MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
A vulnerability in the integrated web server on Port 443/TCP could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
CVE-2017-6873 has been assigned to this vulnerability.
A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)





### BACKGROUND

Critical Infrastructure Sector: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens recommends applying the following mitigations:

Protect network access to the affected devices.

Disable the integrated service on Port 21/TCP in the device settings by changing the value of "ACS access" under "Settings > Communication > Services" to "Off". Applying this configuration change mitigates CVE-2017-6872 entirely.

Use the web portal as described in the product documentation for all applications.

Connections to the web portal are not affected by CVE-2017-6873.

If use of the web portal is not possible, then use the integrated web server only in trusted networks.

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-563539 at the following location:

http://www.siemens.com/cert/advisories