{"id":12199,"date":"2014-01-13T09:20:40","date_gmt":"2014-01-13T15:20:40","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=12199"},"modified":"2014-01-13T09:20:40","modified_gmt":"2014-01-13T15:20:40","slug":"zero-day-flaws-found-patched-in-siemens-switches","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=12199","title":{"rendered":"Zero-Day Flaws Found, Patched In Siemens Switches"},"content":{"rendered":"<blockquote><p>The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, which would allow an attacker to hijack an administrative session on the switch without credentials. The session ID basically exposes the client&#8217;s IP address so an attacker could then hijack the admin&#8217;s Web-based session while managing the switch. &#8220;But you don&#8217;t log onto these switches very often &#8212; maybe once a year&#8211; so, in that sense, it&#8217;s a weak vulnerability,&#8221; he says.<\/p>\n<p>The more critical zero-day Leverett found in the switch was the second one, which would let an attacker take over the admin operations of the switch &#8212; no authentication required. The attacker could then download any network configuration information, or upload a malware-ridden firmware update, for example, Leverett says. &#8220;The device assumes if you know the URL, you must have authentication. But it never asks you to authenticate [for it],&#8221; he says.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/www.darkreading.com\/vulnerability\/zero-day-flaws-found-patched-in-siemens\/240165252\">Zero-Day Flaws Found, Patched In Siemens Switches &#8212; Dark Reading<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=12199\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[923,1125,698,390],"class_list":["post-12199","post","type-post","status-publish","format-standard","hentry","category-networking","tag-0day","tag-exploit-vector","tag-security-research","tag-switch"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12199"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12199\/revisions"}],"predecessor-version":[{"id":12200,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/12199\/revisions\/12200"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12199"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}