Siemens Ruggedcom ROS, SCALANCE Improper Access Control (CVE-2017-12736)

high Tenable OT Security Plugin ID 501024

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens provides new versions to mitigate this vulnerability and recommends users update to the newest version.

- RUGGEDCOM ROS for RSL910 devices: Install V5.0.1
- RUGGEDCOM ROS for all other devices: Install V4.3.4

The firmware updates for the Ruggedcom ROS-based devices can be obtained by contacting the Ruggedcom support team at:

https://support.industry.siemens.com/my/us/en/requests

- SCALANCE XB-200/XC-200/XP-200/XR300-WG: Install V3.0.2

https://support.industry.siemens.com/cs/de/en/view/109754174

- SCALANCE XR-500/XM-400: Install V6.1

https://support.industry.siemens.com/cs/ww/de/view/109755475

Siemens is preparing updates for the remaining affected products and recommends that users manually deactivate RCDP according to the instructions in the user guide. The user guide can be found on the Siemens web site at the following location:

https://support.industry.siemens.com/cs/ww/en/view/109748693

As a general security measure, Siemens advises configuring the IT environment according to Siemens operational guidelines in order to run the devices in a protected manner.

https://www.siemens.com/cert/operational-guidelines-industrial-security

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-856721 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm

See Also

http://www.securityfocus.com/bid/101041

http://www.securitytracker.com/id/1039463

http://www.securitytracker.com/id/1039464

https://www.cisa.gov/news-events/ics-advisories/icsa-17-271-01b

https://www.nessus.org/u?2b1d4444

Plugin Details

Severity: High

ID: 501024

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-12736

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_xb-200_series_firmware, cpe:/o:siemens:scalance_xc-200_series_firmware, cpe:/o:siemens:scalance_xm-400_series_firmware, cpe:/o:siemens:scalance_xp-200_series_firmware, cpe:/o:siemens:scalance_xr-500_series_firmware, cpe:/o:siemens:scalance_xr300-wg_series_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 12/26/2017

Vulnerability Publication Date: 12/26/2017

Reference Information

CVE: CVE-2017-12736

CWE: 665