Attackers could bypass authentication or execute code

Feb 4, 2015 21:58 GMT  ·  By

Two high-severity vulnerabilities have been discovered in Ruggedcom WIN products from Siemens, which could be exploited by an attacker to execute arbitrary code remotely or to carry out restricted operations without needing to authenticate.

Ruggedcom WIN solutions act as base stations in large private wireless networks. They are employed in industrial environments such as chemical, communications and critical manufacturing, as well as other fields of activity like defense industrial base, food and agriculture, dams, government facilities, transportation, and water and wastewater systems.

Flaws receive maximum severity score of 10

If exploited successfully, one of the glitches permits an attacker to operate over the network with administrative privileges and without going through an authentication process. The flaw is now identified as CVE-2015-1448 and resides in the integrated management service.

The other vulnerability, tracked as CVE-2015-1449, is a buffer overflow affecting the web server and could be exploited on TCP port 443 to run arbitrary code remotely.

Both weaknesses have received the maximum severity score of 10 because they can be exploited remotely by an attacker with minimal skills. In a security advisory, Siemens says that the attacker must have network access to the affected devices.

Security researchers point to another, less severe glitch

Siemens also reported that the recently released update for Ruggedcom WIN products fixes another flaw (CVE-2015-1357), of lower severity, marked with a 2.8 score as per the Common Vulnerability Scoring System (CVSS).

It is an information leak vulnerability that may disclose password hashes to an attacker with access to the security logs. The risk is that the hashes are stored insecurely and could be used to learn the passwords.

The list of affected products includes WIN51xx and WIN52xx, in both cases versions prior to SS4.4.4624.35, and WIN70xx and WIN72xx (all versions prior to BS4.4.4621.32). All three glitches have been reported by researchers at security firm IOActive.

The recommendation from Siemens is to apply the provided patch, as well as to protect network access to all products save perimeter devices that benefit from adequate security mechanisms.

At the moment, there is no evidence of public exploits available for the aforementioned vulnerabilities.

Images: Ruggedcom WIN 7200; Ruggedcom WIN 5200