Executive Summary

This vulnerability affects Siemens TeleControl Server Basic V3.1 versions from V3.1.2.2 up to but not including V3.1.2.3. It is an information disclosure flaw that allows an unauthenticated remote attacker to obtain password hashes of users. With these hashes, the attacker can log in and perform authenticated operations on the database service without authorization. The issue is due to missing authentication for a critical function. [1]

Useful 0 Not Useful 0

Impact Analysis

Exploiting this vulnerability can allow an attacker to remotely access password hashes and then log in to the affected system without authorization. This can lead to unauthorized access and control over the database service, potentially compromising sensitive data and operations managed by the TeleControl Server Basic. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying if your system is running Siemens TeleControl Server Basic versions >= V3.1.2.2 and < V3.1.2.3. Additionally, you can check if port 8000 is open and accessible from untrusted networks, as this port is used by the affected service. Network scanning tools like nmap can be used to detect open port 8000. For example, you can run: nmap -p 8000 <target-ip>. Also, monitoring for unauthorized access attempts or unusual authentication activity on the database service may help detect exploitation attempts. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to port 8000 on affected systems to trusted IP addresses only. It is strongly recommended to update TeleControl Server Basic to version V3.1.2.3 or later, which addresses this vulnerability. Additionally, follow Siemens' general security guidelines, protect network access with appropriate mechanisms, and configure the operational environment according to Siemens' Industrial Security operational guidelines. [1]

Useful 0 Not Useful 0