Vulnerabilities Identified in Siemens Scalence Access Points

Siemens has identified one critical vulnerability and a number of high-severity vulnerabilities in the direct access point of Scalance W1750D. Attackers with a low level of skill could exploit the vulnerabilities remotely.

An attacker exploiting the vulnerability could access the W1750D device to execute arbitrary code in its base operating system, access sensitive data, do administrative task on the gadget, and disclose session cookies for an administrative session.

The following vulnerabilities were identified in all versions earlier than 8.4.0.1

  • CVE-2018-7084 – This is a critical command injection vulnerability found in the web interface which can permit the performance of arbitrary system commands within the base operating system. Exploiting this vulnerability will allow the attacker to copy files, read the configuration, reboot the device, and write or delete files. The assigned a CVSSv3 base score for this vulnerability is 9.8 out of 10.
  • CVE-2019-7083 – This is a high-severity data exposure vulnerability which could enable an attacker to obtain core dumps of preceding crashed processes through the device’s web interface. The assigned a CVSSv3 base score for this vulnerability is 7.5 out of 10.
  • CVE-2019-16417 – This is a high-severity data exposure vulnerability which could enable an attacker to send a specifically made URL to the web interface and get recently cached configuration commands. The assigned a CVSSv3 base score for this vulnerability is 7.5 out of 10.
  • CVE-2019-7082 – This is a high-severity command injection vulnerability which could enable a user with an authenticated administrative function to execute arbitrary commands on the base operating system. The assigned a CVSSv3 base score for this vulnerability is 7.2 out of 10.
  • CVE-2019-7064 – This is a medium-severity cross-site scripting vulnerability which could enable an attacker to do administrative steps on a vulnerable unit or uncover admin session cookies by deceiving an administrator to click on a malicious link. The assigned a CVSSv3 base score for this vulnerability is 6.4 out of 10.

Siemens has repaired all vulnerabilities in version 8.4.0.1 and instructs users to update the operating system immediately to resolve the vulnerabilities.

If the upgrade is not possible, do the following workarounds to lessen the risk of exploitation of the vulnerabilities:

  • Avoid browsing other websites and don’t click on outside links when getting authentication to the administrative web interface.
  • Limit access to the management interface on the web to the internal or VPN network.
  • Use correct techniques for mitigation.