Rewterz Threat Advisory – Siemens SCALANCE W700 and W1700 Information Exposure Vulnerability

Severity

Medium

Analysis Summary

An improper enforcement of message integrity during transmission in a communication channel vulnerability is found in the Siemens SCALANCE W700 and W1700 wireless communication devices.

Under certain conditions, the integrity of EAPOL-key messages might not be checked, leading to a decryption oracle. This could be exploited by an attacker within range of the access point, which could allow the abuse of the vulnerability to access confidential data. CVE-2018-14526 has been assigned to this vulnerability.

Impact

Exposure of sensitive information

Affected Vendors

Siemens

Affected Products

• SCALANCE W700 Versions 6.3 and prior
• SCALANCE W1700 Versions 1.0 and prior

Remediation

Apply the following updates:

• SCALANCE W700: Update to v6.4 or later
• SCALANCE W1700: Update to v1.1 or later
  
  Additionally:
• Whenever possible, use AES-CCMP instead of TKIP in the WPA/WPA2 networks. This can be configured for both the SCALANCE W-700 and W-1700 families over the Web Based Management (web server). 
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.