-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT Security Bulletin ASB-2012.0142
      SSA-938777: Possible Remote Code Execution in SiPass Server
                             16 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Siemens SiPass Server
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade

Member content until: Thursday, November 15 2012

OVERVIEW

	A denial of service vulnerability, leading to possible remote code
	execution, has been fixed in Siemens SiPass Server.

IMPACT

	The vendor has provided the following information:

	"For communication with controllers, SiPass server accepts TCP
	connections on port 4343. Due to incorrect message handling,
	specially crafted messages to this port allow a Denial-of-Service
	attack on the server with possible remote code execution." [1]

MITIGATION

	Customers using SiPass MP2.4, MP2.5, and MP2.6 should contact Siemens
	for a hotfix. Customers using earlier versions should upgrade to one
	of these versions.

	Perimeter firewalls can also be configured to block TCP port 4343
	connections to SiPass server. [1]

REFERENCES

	[1] SSA-938777: Possible Remote Code Execution in SiPass Server
	    http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417      (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUHzPke4yVqjM2NGpAQKIFxAApHydGZ6f9duaIdh4ujn20O8GpdUCibh4
G6JoXkZR1DyzYLmeeWfD+lcuAkHvTKMh13BMw3jYdAKbOJGqmJR0xoNI/Rht1NBi
rSYSZbx4yXm7LHLuXVGp/BSq31wpGeI/aLPA1kt12CbgML9veXYY61wWHqmvnJVl
6LAgY5+w+QENMXPQ4GJWUpH+YvCRI1okSeddwfc1H81sj1KuqTrRrOgReGhnEZo7
SxCRdRAUwvyzsm3NUjY09FPQgbK6LS/O9dlTWZjlmmsE2sAHRDsHgcA7f4MKS/aa
VV3OEAvv3R29KtnTK4tdQM/3YCgFniTrVkGVeMfFUc/ETV2/854cb5xPK7MDJNSz
KoeQK1mQmW7lBvB0rrYerGjGHCS7MfHYo+ulkGBiVP3vrdQtOn8TqsBWMc1LCXsH
q+kzdEHoML/Bq2AGGnMIkA5odB6TAUga7h7t6s3/hSv0dW88vs4Nk2EUgDT0c/cU
EeZ6vrDtPlpOKClxIZ8FNWrV23D0BqncxeK+qEdPpiiP7iIXTFrtfdngiswfd+Sp
Db3hG6VgK0xUYNOoFDNEyzxSJeWAHFN9FcI5wYTtIOwoq7TSlPMHJ/uv+ZlGSTAg
eHiCXYWnhUJadIBuMoNqBX5hO4rptdnutrowoBtWpasSenHkcW0svQ8Ki4NaOvU2
vtqUPq+jiSc=
=y56J
-----END PGP SIGNATURE-----
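Added example, not part of the AusCERT bulletin or the Siemens advisory: a host-level complement to the perimeter-firewall mitigation in the bulletin. Rather than closing TCP 4343 outright, which would also cut off the controllers the port exists for, it restricts inbound TCP 4343 on the SiPass server itself to the controller addresses using the Windows Firewall PowerShell cmdlets (NetSecurity module, Windows Server 2012 or later). The controller subnet 10.20.30.0/24 and the rule name are placeholders to replace with your own values.

```powershell
# Added example, not code from AusCERT or Siemens. Restricts inbound TCP 4343 on the
# SiPass server to the access-control controllers so that arbitrary hosts cannot
# reach the listener described in the bulletin. Run in an elevated PowerShell session.
# Assumption (placeholder): controllers are addressed from 10.20.30.0/24.
$ControllerSubnet = '10.20.30.0/24'
$RuleName         = 'SiPass controllers only (TCP 4343)'

# With the default inbound action set to Block, only explicit Allow rules admit traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Report any existing enabled inbound rule that already opens TCP 4343; a rule scoped to
# remote address 'Any' would defeat the restriction and should be narrowed or removed.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and "$($_.LocalPort)" -eq '4343' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        Write-Warning "Existing inbound rule '$($_.DisplayName)' on TCP 4343 allows remote address(es): $addr"
    }

# Allow the controllers, and nothing else, to reach TCP 4343.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort 4343 -RemoteAddress $ControllerSubnet -Action Allow -Profile Any | Out-Null

# Log dropped packets so connection attempts from other addresses appear in
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log for monitoring.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True

# Verify the remote-address scope of the new rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

On Windows Server 2008 and 2008 R2, where the NetSecurity cmdlets are not available, the same scoped allow rule can be created with netsh advfirewall firewall add rule using dir=in, protocol=TCP, localport=4343, action=allow and remoteip set to the controller subnet. The dropped-packet log gives a simple place to watch for connection attempts against TCP 4343 from addresses that are not controllers while the hotfix is being rolled out.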