-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-671286: Multiple Vulnerabilities in SCALANCE Products

Publication Date:        2019-08-13
Last Update:             2020-07-14
Current Version:         1.1
CVSS v3.1 Base Score:    6.6

SUMMARY
=======

The latest updates for the below mentioned products contain fixes for
multiple vulnerabilities. The most severe could allow authenticated
local users with physical access to the device to execute arbitrary
commands on the device under certain conditions.

Siemens has released updates for the affected products and recommends
that customers update to the latest versions.


AFFECTED PRODUCTS AND SOLUTION
==============================


* SCALANCE SC-600 
  - Affected versions:
       V2.0
  - Remediation:
       Update to V2.0.1
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109769665

* SCALANCE XB-200 
  - Affected versions:
       V4.1
  - Affected by vulnerabilities:
    - CVE-2019-10927
  - Remediation:
       Update to V4.2
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109779919/

* SCALANCE XC-200 
  - Affected versions:
       V4.1
  - Affected by vulnerabilities:
    - CVE-2019-10927
  - Remediation:
       Update to V4.2
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109779919/

* SCALANCE XF-200BA 
  - Affected versions:
       V4.1
  - Affected by vulnerabilities:
    - CVE-2019-10927
  - Remediation:
       Update to V4.2
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109779919/

* SCALANCE XP-200 
  - Affected versions:
       V4.1
  - Affected by vulnerabilities:
    - CVE-2019-10927
  - Remediation:
       Update to V4.2
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109779919/

* SCALANCE XR-300WG 
  - Affected versions:
       V4.1
  - Affected by vulnerabilities:
    - CVE-2019-10927
  - Remediation:
       Update to V4.2
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109779919/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

* Protect access to port 22/tcp (using the build-in firewall for SCALANCE
SC-600)
  
* Protect physical access to the device
  


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends to
configure the environment according to Siemens' operational guidelines
for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security),
and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

The SCALANCE SC firewall is used to protect trusted industrial networks
from untrusted networks. It allows filtering incoming and outgoing
network connections in different ways.

SCALANCE X switches are used to connect industrial components like
Programmable Logic Controllers (PLCs) or Human Machine Interfaces
(HMIs).

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS 
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be 
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2019-10927

  An authenticated attacker with network access to to port 22/tcp of an
  affected device may cause a Denial-of-Service condition.
  
  The security vulnerability could be exploited by an authenticated
  attacker with network access to the affected device. No user interaction
  is required to exploit this vulnerability. The vulnerability impacts the
  availability of the affected device.

  CVSS v3.1 Base Score: 6.5
  CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
  CWE:                  CWE-703: Improper Check or Handling of Exceptional Conditions

* Vulnerability CVE-2019-10928

  An authenticated attacker with access to port 22/tcp as well as physical
  access to an affected device may trigger the device to allow execution
  of arbitrary commands.
  
  The security vulnerability could be exploited by an authenticated
  attacker with physical access to the affected device. No user
  interaction is required to exploit this vulnerability. The vulnerability
  impacts the confidentiality, integrity and availability of the affected
  device.

  CVSS v3.1 Base Score: 6.6
  CVSS Vector:          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
  CWE:                  CWE-703: Improper Check or Handling of Exceptional Conditions




ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and 
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2019-08-13): Publication Date
V1.1 (2020-07-14): Added solution for SCALANCE XB-200, XC-200, XP-200,XF-200BA and XR-300WG

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElTRCLAVwzKf/b8X80/SB6hFKr+QFAl8M9YAACgkQ0/SB6hFK
r+Stsg/5AVpeoM/UF8fuwZ1VodvtaCyrTtU1pF7Ljm+k1XJE2csA2ZsNi/HQHTIn
Nushd2qvWanPjULAYtS/KdUiwWWp2P2JlfydBvIJNPSnCrhwylk9ICWb4ZFP+Doo
MZ8vhb2Dw3P9QD6qF/qnUxwmavYcna6BMkkopbvWfxkSt8gf0hNqW9/yQg6SGARB
B+OdD21PKacAlAbXvZJNFGMCozhBQTgcOsNcU29fvy0BwwEpds+k2QHGLL8xtMqu
7i72n6SVJBq5QmJWB60aXpglk1pkBSUXrLjRf9TsXH2Yn2W8VQRj6o1f+8MQ5NI3
nFbBoCeHxT6mAH5DnkrKx/F7nEdLM/bPah29szc4XU+0yKySnPyR5jD9fr0PicuJ
Du2VG9FShyyfowPtInhFAMAZURkK/q0Xx8l90zrZtzA3oSV3CIm/BENYB/pUU50a
+D/OprAJvxyFRLv6Jb0ENtvJuZu9dbkdqzhcfHVY6Qy+pVaxsZ20/C7swu0FhCKO
bg8BEXuicmKi1m18F3U9bHBsU9SmBCGCIILTx6zDO0qg/HKHEeEXIGouyITgoj0E
V36kpLh/xSFkXkS+8HXKJ+7lECcE8hJJN/xFHI4vtX3xOZHvgVOw9iritCOYP1be
rtmS9KX18m4e2TiBs9q5kYUhhoaTrJn2w5UQGF0dFmTcTpSG1vE=
=6L7C
-----END PGP SIGNATURE-----