Rewterz Threat Advisory – CVE-2019-10940 – ICS: Siemens SINEMA Server Incorrect privilege assessment
January 15, 2020
Severity
High
Analysis Summary
This vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could obtain sensitive information or change the device configuration.
Impact
- Exposure of sensitive information
- Lack of authentication for critical functionality
Affected Vendors
Siemens
Affected Products
- All versions of the SCALANCE X-200RNA switch family
- All versions prior to Version 4.1.3 of the SCALANCE X-300 switch family (including SIPLUS NET variants)
- All versions prior to Version 4.1.3 of the SCALANCE X-408
Remediation
For the SCALANCE X-200RNA switch family, Siemens recommends:
- Configure ACLs to only allow Web-based management from trusted IP addresses.
- Disable web-based management (WBM) and use SSH to configure the device.
For the SCALANCE X-300 switch family (including SIPLUS NET variants), Siemens recommends that users upgrade to Version 4.1.3.
For the SCALANCE X-408, Siemens recommends that users upgrade to Version 4.1.3.