Detections
Analytics
Siemens BACnet Field Panels Authentication Bypass Using an Alternate Path or Channel (CVE-2017-9946)
high Tenable OT Security Plugin ID 500107
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.- A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. (CVE-2017-9946)
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
- APOGEE PXC Compact (BACnet): Update to v3.5 or later version
- APOGEE PXC Compact (P2 Ethernet): Disable the integrated webserver
- APOGEE PXC Modular (BACnet): Update to v3.5 or later version
- APOGEE PXC Modular (P2 Ethernet): Disable the integrated webserver
- TALON TC Compact (BACnet): Update to v3.5 or later version
- TALON TC Modular (BACnet): Update to v3.5 or later version
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Siemens recommends disabling the integrated webserver when not in use
- Please contact a Siemens office for additional support
As a general security measure Siemens strongly recommends protecting network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-148078
See Also
http://www.nessus.org/u?39061797
http://www.nessus.org/u?8c345dfe
https://www.cisa.gov/news-events/ics-advisories/icsa-17-285-05
Plugin Details
Severity: High
ID: 500107
Version: 1.9
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2017-9946
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:apogee_pxc_bacnet_automation_controller_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/23/2017
Vulnerability Publication Date: 10/23/2017
Reference Information
CVE: CVE-2017-9946
CWE: 287