#VU13570 Privilege escalation in SICLOCK TC400 and SICLOCK TC100 - CVE-2018-4854
Published: July 5, 2018
Vulnerability identifier: #VU13570
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-4854
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SICLOCK TC400
SICLOCK TC100
SICLOCK TC400
SICLOCK TC100
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to unspecified flaw. A remote attacker with network access to port 69/udp, can download and execute the modified client from the affected device and execute arbitrary code with elevated privileges.
Remediation
Siemens has identified the following specific workarounds and mitigations that customers can apply to
reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical
plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK
TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If
time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If
time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and
port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/
operational-guidelines-industrial-security
reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical
plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK
TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If
time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If
time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and
port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/
operational-guidelines-industrial-security