Siemens has informed customers that a component of its TeleControl Basic product is affected by several vulnerabilities that can be exploited by an attacker to escalate privileges, bypass authentication, and launch denial-of-service (DoS) attacks.
Siemens’ TeleControl Basic system allows organizations to monitor and control plant processes. The solution can also be used to optimize the operation of municipal facilities, including water treatment, traffic monitoring, and energy distribution. TeleControl Server Basic is the software used for the TeleControl Basic control center.
According to advisories published by Siemens and ICS-CERT, the TeleControl Server Basic system is affected by a total of three vulnerabilities. The most serious of them, tracked as CVE-2018-4836 and rated high severity, allows an attacker with a low privileged account and access to TCP port 8000 to escalate privileges and perform administrative tasks.
Another flaw, CVE-2018-4835, allows an attacker with network access to port 8000 to bypass the system’s authentication mechanism and obtain limited information.
The last security hole, CVE-2018-4837, can be exploited by an attacker with access to the TeleControl web server on TCP ports 80 or 443 to cause the web server to enter a DoS condition. However, Siemens pointed out that the DoS condition does not affect other functionality.
CVE-2018-4835 and CVE-2018-4837 have been classified as medium severity with a CVSS score of 5.3.
Related: Learn More at SecurityWeek’s 2018 ICS Cyber Security Conference
Siemens has patched the vulnerabilities with the release of TeleControl Server Basic 3.1. In addition, the company has identified some workarounds and mitigations that can be used to reduce the risk of attacks.
These include blocking TCP port 8000 using the Windows firewall to mitigate CVE-2018-4835 and CVE-2018-4836, and blocking ports 80 and 443 to prevent attacks involving CVE-2018-4837.
While this is the first advisory released by Siemens and ICS-CERT for a vulnerability specific to TeleControl products, a privilege escalation flaw disclosed in November 2016 had been found to impact TeleControl Server Basic – among many other industrial solutions from Siemens. That security hole was addressed in TeleControl Server Basic with the release of version 3.0.
Related: Flaw in Siemens RTU Allows Remote Code Execution
Related: Serious Flaw Found in Many Siemens Industrial Products
Related: Siemens Patches Several Flaws in Teleprotection Devices
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- Cisco to Acquire Splunk for $28 Billion
- Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
- Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
- Intel Launches New Attestation Service as Part of Trust Authority Portfolio
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
Latest News
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
