#1267162: ICSA-19-192-04 : Siemens SIMATIC RF6XXR

Description: CVSS v3 5.9
ATTENTION: Exploitable remotely/public exploits are available
Vendor: Siemens
Equipment: SIMATIC RF6XXR
Vulnerabilities: Improper Input Validation, Cryptographic Issues

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow access to sensitive information.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the vulnerabilities affect all versions prior to 3.2.1 of the following SIMATIC RF6XXR UHF RFID products:

RF615R
RF68XR
3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20
The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which may allow a man-in-the-middle attack to obtain plaintext HTTP headers.
CVE-2011-3389 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.2 CRYPTOGRAPIC ISSUES CWE-310
Long-duration TLS sessions used with a 64-bit block cipher may allow remote attackers to obtain cleartext data.
CVE-2016-6329 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.3 CRYPTOGRAPIC ISSUES CWE-310
Outdated versions of TLS and DTLS allow statistical analysis of timing data for crafted packets, which may allow remote attackers to conduct distinguishing and plaintext-recovery attacks.

CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Food and Agriculture, Transportation Systems
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER
Wendy Parrington from United Utilities reported these vulnerabilities to Siemens.
More info: https://www.us-cert.gov/ics/advisories/icsa-19-192-04

Date added July 12, 2019, 4:07 a.m.
Source US-CERT
Subjects
  • Industry Control Systems / PLC Suppliers - New Reports In
  • SCADA - New Reports In
  • Siemens - Infrastructure Control Systems / Scada / PLC
CVE CVE-2011-3389, CVE-2016-6329, CVE-2013-0169
CVSS 5.9