SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-928925366] Siemens BACnet Field Panels

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-10-12OtherSiemensSiemens reported these vulnerabilities to ICS-CERT. N/ACVE-2017-9946 CVE-2017-9947 N/AN/AN/A

Source

						
							
								
#
# Siemens BACnet Field Panels
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
BACnet Field Panels



### RESEARCHER
Siemens reported these vulnerabilities to ICS-CERT.



### AFFECTED PRODUCTS

Siemens reports that the vulnerabilities affect the following BACnet field panels:

APOGEE PXC BACnet Automation Controllers: All versions prior to V3.5
TALON TC BACnet Automation Controllers: All versions prior to V3.5



### IMPACT

Successful exploitation of these vulnerabilities could allow unauthenticated attackers with access to the integrated webserver to download sensitive information.



### VULNERABILITY OVERVIEW

AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
An attacker with network access to the integrated web server (Ports 80/TCP and 443/TCP) could bypass the authentication and download sensitive information from the device.
CVE-2017-9946 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)


IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (Ports 80/TCP and 443/TCP) to obtain information on the structure of the file system of the affected devices.
CVE-2017-9947 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sector: Commercial facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens has provided firmware Version V3.5 for BACnet Field Panels Advanced modules, which fixes the vulnerabilities, and they recommend that users update to the new fixed version. Users should contact the local service organization for further information on how to obtain and apply V3.5. The web form is available at the following location on the Siemens web site:

http://w3.usa.siemens.com/buildingtechnologies/us/en/contact-us/Pages/bt-contact-form.aspx


For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-148078 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm