Privilege escalation in Siemens ROX II



Published: 2018-10-10
Severity Low
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-13801
CVE-2018-13802
CWE ID CWE-269
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
ROX II
Server applications / SCADA systems

Vendor Siemens

Security Advisory

1) Improper privilege management

Severity: Low

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-13801

CWE-ID: CWE-269 - Improper Privilege Management

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper privilege management. A remote attacker with network access to Port 22/TCP and valid low-privileged user credentials can gain root privileges.

Mitigation

Update to version 2.12.1.

Vulnerable software versions

ROX II: -

CPE External links

https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper privilege management

Severity: Low

CVSSv3: 6.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-13802

CWE-ID: CWE-269 - Improper Privilege Management

Description

The vulnerability allows a remote high-privileged attacker to execute arbitrary commands with elevated privileges on the target system.

The vulnerability exists due to improper privilege management. A remote attacker with a high-privileged user account access via SSH interface in on Port 22/TCP can circumvent restrictions and execute arbitrary operating system commands.

Mitigation

Update to version 2.12.1.

Vulnerable software versions

ROX II: -

CPE External links

https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.