A firmware update released by Siemens this month for some of its industrial network security products fixes a vulnerability that could expose potentially sensitive information.
The affected products are SCALANCE M-800 industrial routers, which are used to secure remote access to plants via mobile networks, and SCALANCE S615 firewalls, which ensure the protection of trusted industrial networks from untrusted networks.
SCALANCE M-800 and S615 modules running firmware versions prior to 4.02 are plagued by a vulnerability that could allow a man-in-the-middle (MitM) attacker to obtain web session cookies.
Siemens and ICS-CERT explained in their advisories that the flaw exists because the integrated web server delivers session cookies without the secure flag. Web browsers are designed to prevent the transmission of a cookie over an unencrypted channel if the secure flag is set.
The vulnerability, identified as CVE-2016-7090, is considered a medium severity issue. The security hole can be exploited remotely, but ICS-CERT believes it’s not easy to create a working exploit for it.
Siemens has advised customers to update the firmware on SCALANCE M-800 and S615 products to version 4.02. The company has credited Alexander Van Maele and Tijl Deneut from HOWEST for finding the weakness.
In the past years, ICS-CERT published nearly a dozen advisories describing SCALANCE vulnerabilities. A total of five issues were resolved by the vendor since January 2015, the most serious of them being a couple of DoS flaws and an improper authentication bug disclosed in early 2015.
The number and severity of vulnerabilities found recently in SCALANCE routers is much lower compared to a few years ago. In 2013, Siemens and external researchers identified nearly a dozen high impact issues in this product line.