Multiple vulnerabilities in Siemens SCALANCE Products



Published: 2019-08-21
Risk Medium
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2019-10927
CVE-2019-10928
CWE-ID N/A
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SCALANCE SR-300WG
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XP-200
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XF-200BA
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XC-200
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE XB-200
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE SC-600
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Adherence to Coding Standards

EUVDB-ID: #VU20347

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-10927

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the software does not follow certain coding rules for development. A remote authenticated attacker with network access to Port 22/TCP of an affected device can cause a denial-of-service condition. 

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SCALANCE SR-300WG: 4.1

SCALANCE XP-200: 4.1

SCALANCE XF-200BA: 4.1

SCALANCE XC-200: 4.1

SCALANCE XB-200: 4.1

SCALANCE SC-600: 2.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Adherence to Coding Standards

EUVDB-ID: #VU20348

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10928

CWE-ID: N/A

Exploit availability: No

Description

the vulnerability allows an attacker to execute arbitrary commands on the target device.

The vulnerability exists due to the software does not follow certain coding rules for development. An authenticated attacker with access to Port 22/TCP as well as physical access to an affected device can execute arbitrary commands on the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SCALANCE SC-600: 2.0

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###