Rewterz Threat Alert – Grandoreiro Banking Trojan Takes Over Device for Fraudulent Transactions
April 14, 2020Rewterz Threat Advisory – ICS: Siemens Climatix Cross-Site Scripting Vulnerability
April 15, 2020Rewterz Threat Alert – Grandoreiro Banking Trojan Takes Over Device for Fraudulent Transactions
April 14, 2020Rewterz Threat Advisory – ICS: Siemens Climatix Cross-Site Scripting Vulnerability
April 15, 2020Severity
Medium
Analysis Summary
A resource exhaustion vulnerability has been identified in scalance and simatic products of Siemens. The vulnerability is remotely exploitable and requires low skill to exploit. The VxWorks-based Profinet TCP stack can be forced to make resource-intense calls for every incoming packet, which can lead to a denial-of-service condition.
CVE-2019-19301 has been assigned to this vulnerability.
Impact
- Resource Exhaustion
- Denial of Service
Affected Vendors
Siemens
Affected Products
- SCALANCE X-200 switch family (incl. SIPLUS NET variants): all versions
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): all versions
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants): all versions
- SIMATIC CP 443-1 (incl. SIPLUS NET variants): all versions
- SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants): all versions
- SIMATIC RF180C: all versions
- SIMATIC RF182C: all versions
Remediation
- Updates are not yet available.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), updated to the most current version available.