Siemens fixed three flaws in plant management product Siemens TeleControl Basic system

Siemens has patched three security vulnerabilities in its Plant Management Product, the Siemens TeleControl Basic system.

The system is used in water treatment facilities, traffic monitoring systems, and energy distribution plants. The TeleControl Basic control center runs the TeleControl Server Basic software. The Siemens TeleControl Basic system allows organizations to monitor and control processes in industrial environment and operation of municipal facilities.

The TeleControl Server Basic system is affected by three vulnerabilities that could be exploited by an attacker to conduct different types of attacks, including privilege escalation, bypass authentication, and denial-of-service (DoS) attacks.

“The latest update for TeleControl Server Basic resolves three vulnerabilities. One of these vulnerabilities could allow an authenticated attacker with network access to escalate his privileges and perform administrative actions.” reads the security advisory published by Siemens.

“Siemens recommends updating to the new version.”

This is the first time that Siemens publishes a security advisory released by Siemens and ICS-CERT for a vulnerability that affects TeleControl products

The flaws affect TeleControl Server Basic versions prior to V3.1, the most severe one is tracked as CVE-2018-4836 and rated high severity.

Below the list of the vulnerabilities and related descriptions:

• Vulnerability (CVE-2018-4835) [CVSS v3.0 Base Score 5.3] – It could be exploited by an attacker with network access to the TeleControl Server Basic’s port 8000/tcp to bypass the authentication mechanism and access limited information.
• Vulnerability (CVE-2018-4836) [CVSS v3.0 Base Score 8.8] –  It could be exploited by an authenticated attacker with a low-privileged account to the TeleControl Server Basic’s port 8000/tcp to escalate privileges and perform administrative operations.
• Vulnerability (CVE-2018-4837) [CVSS v3.0 Base Score 5.3] – It could be exploited by an attacker with access to the TeleControl Server Basic’s webserver (port 80/tcp or 443/tcp) to cause a DoS condition on the web server.

Siemens also provided some workarounds to mitigate the risk of attacks, including the blocking of TCP port 8000 through the Windows firewall for both CVE-2018-4835, CVE-2018-4836 and the blocking of the ports 80 and 443 for the CVE-2018-4837.

The US ICS-CERT also published a detailed advisory for the vulnerabilities in the Siemens TeleControl Basic.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Siemens TeleControl Basic, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]