Multiple vulnerabilities in Hirschmann Automation and Control GmbH Classic Platform Switches



Published: 2018-03-07
Risk: Low
Patch available: NO
Number of vulnerabilities: 5
CVE-ID: CVE-2018-5465, CVE-2018-5467, CVE-2018-5471, CVE-2018-5461, CVE-2018-5469
CWE-ID: CWE-384, CWE-598, CWE-300, CWE-307
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
OCTOPUS, MS, MACH4000, MACH1000, MACH100, RSB, RSR, RS
Category (all products): Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Hirschmann

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Session hijacking

EUVDB-ID: #VU10875

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-5465

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a session fixation attack on the target system.

The weakness exists in the web interface due to a session fixation vulnerability. A remote attacker can hijack an existing user's session.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

OCTOPUS: All versions

MS: All versions

MACH4000: All versions

MACH1000: All versions

MACH100: All versions

RSB: All versions

RSR: All versions

RS: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-065-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU10876

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-5467

CWE-ID: CWE-598 - Information Exposure Through Query Strings in GET Request

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web interface due to information exposure through query strings. A remote attacker can gain access to arbitrary data and impersonate a legitimate user.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

OCTOPUS: All versions

MS: All versions

MACH4000: All versions

MACH1000: All versions

MACH100: All versions

RSB: All versions

RSR: All versions

RS: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-065-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Man-in-the-middle attack

EUVDB-ID: #VU10877

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-5471

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists in the web interface due to cleartext transmission of sensitive information. A remote attacker can obtain sensitive information through a successful man-in-the-middle attack.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

OCTOPUS: All versions

MS: All versions

MACH4000: All versions

MACH1000: All versions

MACH100: All versions

RSB: All versions

RSR: All versions

RS: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-065-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Man-in-the-middle attack

EUVDB-ID: #VU10878

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-5461

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists in the web interface due to inadequate encryption strength. A remote attacker can use a man-in-the-middle technique to obtain sensitive information.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

OCTOPUS: All versions

MS: All versions

MACH4000: All versions

MACH1000: All versions

MACH100: All versions

RSB: All versions

RSR: All versions

RS: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-065-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Brute-force attack

EUVDB-ID: #VU10879

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-5469

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a brute-force attack.

The weakness exists in the web interface due to improper restriction of excessive authentication attempts. A remote attacker can brute-force authentication.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

OCTOPUS: All versions

MS: All versions

MACH4000: All versions

MACH1000: All versions

MACH100: All versions

RSB: All versions

RSR: All versions

RS: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-065-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


