SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-998163123] Hirschmann Automation and Control GmbH Classic Platform Switches

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-03-06OtherBeldenIlya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, and Damir Zainullin of Positive Technologies reported these vulnerabilities toN/ACVE-2018-5465 CVE-2018-5467 CVE-2018-5471 CVE-2018-5461 CVE-2018N/AN/AN/A

Source

						
							
								
#
# Hirschmann Automation and Control GmbH Classic Platform Switches
#


### VULNERABLE VENDOR
Belden


### VULNERABLE PRODUCT
Classic Platform Switches 


### RESEARCHER
Ilya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, and Damir Zainullin of Positive Technologies reported these vulnerabilities to Belden.


### AFFECTED PRODUCTS
Hirschmann reports that the vulnerabilities affect the following Classic Platform Switches products:

RS all versions,
RSR all versions,
RSB all versions,
MACH100 all versions,
MACH1000 all versions,
MACH4000 all versions,
MS all versions, and
OCTOPUS all versions


### IMPACT
Successful exploitation of these vulnerabilities could allow the attacker to hijack web sessions, impersonate a legitimate user, receive sensitive information, and gain access to the device.


### VULNERABILITY OVERVIEW
SESSION FIXATION CWE-384
A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.
CVE-2018-5465 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


INFORMATION EXPOSURE THROUGH QUERY STRINGS IN GET REQUEST CWE-598
An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
CVE-2018-5467 has been assigned to this vulnerability.
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)


CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
CVE-2018-5471 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)


INADEQUATE ENCRYPTION STRENGTH CWE-326
An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
CVE-2018-5461 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)


IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307
An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.
CVE-2018-5469 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)





### BACKGROUND
Critical Infrastructure Sectors: Multiple sectors
Countries/Areas Deployed: Worldwide
Company Headquarters Location: St. Louis, Missouri




### MITIGATION

Hirschmann strongly recommends users restrict access to remote management access and the following mitigation strategies should be applied:

Disable HTTP for remote management access.

Use the secure HTTPS or SSH protocols for remote management access.

Use of complex user passwords.

Use the “Restricted Management Access” feature to restrict access to known IP addresses.

Disable remote management access when not in use.