SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-495615540] Siemens RUGGEDCOM ROX I

Date: 2017-03-28
Type: Other
Platform: Siemens
Author: Maxim Rupp reported these vulnerabilities directly to Siemens.
EDB-ID: N/A
CVE-ID: CVE-2017-2686 CVE-2017-2687 CVE-2017-2688 CVE-2017-2689 CVE-2017
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Siemens RUGGEDCOM ROX I
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
RUGGEDCOM ROX I



### RESEARCHER
Maxim Rupp reported these vulnerabilities directly to Siemens.



### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following RUGGEDCOM VPN endpoints and firewall devices:

RUGGEDCOM ROX I: All versions.



### IMPACT

These devices are affected by several vulnerabilities which could potentially allow attackers to perform actions with administrative privileges.



### VULNERABILITY OVERVIEW

IMPROPER AUTHORIZATION CWE-285
An authenticated user could read arbitrary files through the web interface at Port 10000/TCP and access sensitive information.
CVE-2017-2686 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)


CROSS-SITE SCRIPTING CWE-79
The integrated web server at Port 10000/TCP is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.
CVE-2017-2687 has been assigned to this vulnerability.
A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)


CROSS-SITE REQUEST FORGERY CWE-352
The integrated web server at Port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced to click on a malicious link or visits a malicious web site.
CVE-2017-2688 has been assigned to this vulnerability.
A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)


IMPROPER AUTHORIZATION CWE-285
An authenticated user could bypass access restrictions in the web interface at Port 10000/TCP to obtain privileged file system access or change configuration settings.
CVE-2017-2689 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


CROSS-SITE SCRIPTING CWE-80
The integrated web server at Port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
CVE-2017-6864 has been assigned to this vulnerability.
A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)





### BACKGROUND

Critical Infrastructure Sectors: Energy, Healthcare, and Transportation
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens recommends the following mitigations:

Use the mitigation tool and follow the application note to disable the web interface and disable guest and operator accounts. The ROX I mitigation tool application note can be obtained from the Siemens support web site at the following location:

https://support.industry.siemens.com/cs/ww/en/view/109746106


Restrict access to trusted administrators only,
Apply cell protection concept,
Use VPN for protecting network communication between cells, and
Apply Defense-in-Depth.

The mitigation tool for the affected ROX I-based products can be obtained from Siemens by doing one of the following:

Submit a support request online
https://www.siemens.com/automation/support-request


Call a local hotline center:

https://w3.siemens.com/aspa_app/


As a general security measure Siemens strongly recommends protecting network access to the web interface at Port 10000/TCP of ROX I-based devices with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment:

https://www.siemens.com/cert/operational-guidelines-industrial-security


For more information on these vulnerabilities and detailed instructions, please see Siemens Security Advisory SSA-327980 at the following location:

http://www.siemens.com/cert/advisories/