-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0142
        SSA-938777: Possible Remote Code Execution in SiPass Server
                              16 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Siemens SiPass Server
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Thursday, November 15 2012

OVERVIEW

        A message-handling flaw in the Siemens SiPass Server listener used for
        controller communication (TCP port 4343) allows a remote, unauthenticated
        attacker to crash the server and possibly execute arbitrary code. Siemens
        has released hotfixes for the affected versions.


IMPACT

        The vendor has provided the following information:
        
        "For communication with controllers, SiPass server accepts TCP
        connections on port 4343. Due to incorrect message handling, specially
        crafted messages to this port allow a Denial-of-Service attack on the
        server with possible remote code execution." [1]


MITIGATION

        Customers using SiPass MP2.4, MP2.5, and MP2.6 should contact Siemens
        for a hotfix. Customers using earlier versions should upgrade to one of
        these versions. As an interim measure, perimeter firewalls can be
        configured to block TCP port 4343 connections to the SiPass server. [1]
        Because the same port carries legitimate controller traffic, restrict it
        to the controllers' network addresses rather than blocking it outright
        where controllers must reach the server across the firewall.
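        The following is an added example, not part of the AusCERT bulletin or
        the Siemens advisory, of applying the same restriction on the SiPass
        server's own Windows host firewall as a second layer behind the
        perimeter. It assumes an elevated PowerShell session on the server,
        a constructed controller range of 10.20.30.0/24, and an assumed rule
        name "SiPass controllers"; substitute your own values.

```powershell
# Added example (not part of the AusCERT bulletin or the Siemens advisory).
# Assumptions: the SiPass server runs Windows Firewall with Advanced Security,
# these commands run in an elevated PowerShell session on the server, and the
# access controllers live in the constructed range 10.20.30.0/24. The rule
# name "SiPass controllers" is also an assumption; substitute your own.

$ControllerSubnets = "10.20.30.0/24"   # constructed; list several as "a,b"

# Weak setting: accepts TCP/4343 from any source, which is exactly the
# exposure the advisory describes.
#   netsh advfirewall firewall add rule name="SiPass controllers" dir=in `
#       action=allow protocol=TCP localport=4343

# Hardened setting. Windows Firewall evaluates block rules before allow
# rules, so do NOT add a blanket block rule for 4343 (it would also cut off
# the controllers). Rely on the default inbound policy (block) and scope
# the single allow rule to the controller addresses.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# Remove any earlier unscoped rule of the same name before re-adding it.
netsh advfirewall firewall delete rule name="SiPass controllers" | Out-Null

netsh advfirewall firewall add rule name="SiPass controllers" dir=in `
    action=allow protocol=TCP localport=4343 "remoteip=$ControllerSubnets" `
    profile=any

# Check: RemoteIP in the output should be limited to the controller range.
netsh advfirewall firewall show rule name="SiPass controllers"

# Check from a host that is not a controller (Windows 8 / Server 2012 or
# later); TcpTestSucceeded should be False.
#   Test-NetConnection -ComputerName sipass-server -Port 4343
```

        The host rule does not replace the vendor hotfix: it only reduces
        the set of sources that can deliver the crafted messages, and a
        compromised controller segment can still reach the port.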


REFERENCES

        [1] SSA-938777: Possible Remote Code Execution in SiPass Server
            http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----