Network switches for critical infrastructure facilities vulnerable to hackers

April 27, 2018
Positive Technologies tech experts find vulnerabilities in Hirschmann switches that endanger industrial companies

April 27, 2018 -- German vendor Hirschmann, a Belden company, has published information about fixes for five vulnerabilities in network switches used in energy, chemical manufacturing, transportation, and other industries. The vulnerabilities were discovered by Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, Mikhail Tsvetkov, and Damir Zaynullin.

The described issues affect Hirschmann (Belden) RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic switches. A session fixation vulnerability in the switch web interface enables an attacker to hijack a web session (CVE-2018-5465, CVSS v. 3.0 score 8.8). The second vulnerability (CVE-2018-5467, score 6.5) allows an attacker to impersonate a legitimate user by taking advantage of disclosure of sensitive information via special GET requests in the web interface and exploitation of a hard-coded username.

The third vulnerability (CVE-2018-5471, score 5.9) involves insecure transfer of sensitive information in the web interface. As a result, an attacker could obtain this data in a man-in-the-middle attack.

The fourth vulnerability (CVE-2018-5461, score 6.5) involves weak encryption, which enables a man-in-the-middle attacker to obtain sensitive information. In the vulnerability with the highest risk score (CVE-2018-5469, score 9.8), switches fail to properly restrict the number of login attempts in the web interface, which allows an attacker to brute-force passwords.

Positive Technologies experts have noted a sizable increase in the number of vulnerabilities in industrial network equipment, including switches, interface converters, and gateways. In addition, such equipment is increasingly accessible from the Internet, judging by the large number of IP addresses found using public search engines. These protection gaps create opportunities for attackers and can lead to serious consequences.

For early detection of cyber incidents and awareness of ICS vulnerabilities, Positive Technologies offers PT ISIM and MaxPatrol for the specific needs of industrial protocols and networks.

About Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community. Learn more about Positive Technologies at ptsecurity.com.