Vulnerability in Siemens Switches allows hackers to gain admin access

A Security researcher has discovered two potential vulnerabilities in Siemens Ethernet switches allows a remote attacker to perform administrative operations.

The vulnerabilities were discovered by Eireann Leverett, Senior security consultant for IOActive and have been reported to Siemens.

The first vulnerability(CVE-2013-5944) could allow hackers to perform administrative operation over the network without authentication.

The Second vulnerability (CVE-2013-5709) could allow hackers to hijack web sessions over the network without authentication. This is due to insufficient entropy in its random number generator.

Siemens produced a patch within 3 months.  Customers of Siemens are advised to apply the SCALANCE X-200 firmware update.

Eireann is scheduled to demonstrate the vulnerabilities and release proof-of-concept code for organizations to check their own devices, at next week's S4 SCADA security conference in Miami.