ICSA-19-253-04 Siemens IE-WSN-PA Link WirelessHART Gateway
Monitor | 7.5 | ICS-CERT ICSA-19-253-04 | Sep 10, 2019
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
IE/WSN-PA Link WirelessHART Gateway contains a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary code in the context of a user's authenticated session through a malicious link. If an authenticated user clicks a crafted link while logged into the gateway web interface, the attacker could run commands on the gateway, potentially compromising the wireless network communications and process data.
What this means
What could happen
An attacker could execute arbitrary code on the IE/WSN-PA Link WirelessHART Gateway through a social engineering attack (malicious link), potentially allowing them to read sensitive process data, modify gateway configuration, or disrupt wireless communications to field devices in your plant.
Who's at risk
Water utilities and electric utilities using Siemens IE/WSN-PA Link WirelessHART gateways for monitoring or controlling wireless field devices (pressure sensors, RTUs, valve controllers) in their process networks should be aware of this risk, particularly anyone with administrative access to the gateway web interface.
How it could be exploited
An attacker sends a malicious link to a user who administers the gateway. When the user clicks the link in their browser while logged into the gateway web interface, the attacker's code runs in the context of that session, allowing them to execute actions as the authenticated user.
Prerequisites
- Network access to the gateway's web interface (typically restricted to engineering networks)
- A legitimate user must click a malicious link while authenticated to the gateway
- The user must be using a browser configured to access the gateway
- No patch available (end-of-life product)
- Requires social engineering (user must click malicious link)
- High skill required to exploit
- No known active exploitation
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
IE/WSN-PA Link WirelessHART Gateway | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Train staff to avoid clicking links from untrusted sources, especially in email. Only follow links that come through official channels.
- HARDENING: Restrict network access to the IE/WSN-PA Link gateway web interface to trusted engineering workstations only using firewall rules or VLANs.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Apply Siemens operational guidelines for industrial security to your gateway deployment and document your configuration baseline.
CVEs (1)