Multiple Vulnerabilities in Climatix POL909 (AWM and AWB)
Monitor · 6.5 · SSA-252466 · Mar 8, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in Climatix POL909 (AWM and AWB modules) allow an unauthenticated attacker to redirect users to malicious webpages via URL manipulation (CWE-79: Cross-site Scripting/Open Redirect), and allow authenticated attackers to access sensitive files due to improper access controls (CWE-284). The vulnerabilities affect AWB versions prior to 11.44 and AWM versions prior to 11.36.
What this means
What could happen
An unauthenticated attacker can redirect users to a malicious webpage via URL manipulation, and authenticated users could be tricked into accessing sensitive files. This could lead to credential theft or exposure of sensitive building automation configuration data.
Who's at risk
Building automation engineers and operators using Climatix POL909 climate control systems in office buildings, data centers, and industrial facilities. The AWM (Analog Weather Module) and AWB (Analog Wallbox) modules are used for external weather monitoring and indoor temperature control respectively.
How it could be exploited
An attacker on the network sends a crafted URL to a user accessing the Climatix POL909 web interface, which contains an unvalidated redirect or injection point. The user clicks the malicious link and is redirected to an attacker-controlled website, or sensitive configuration files become accessible through improper access controls. No special privileges are required for the redirect attack.
Prerequisites
- Network access to the Climatix POL909 web interface (port 80/443 typically)
- For file access vulnerability: valid engineering or operator credentials
- Remotely exploitable
- No authentication required for the URL redirection attack
- Low complexity attack
- Default or weak access controls
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2), 2 with fix
Product | Affected Versions | Fix Status
Climatix POL909 (AWB module) | < V11.44 | fixed in V11.44
Climatix POL909 (AWM module) | < V11.36 | fixed in V11.36
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the Climatix POL909 web interface to authorized engineering workstations and management networks using firewall rules or network segmentation.
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption.
Climatix POL909 (AWB module)
HOTFIX: Update the Climatix POL909 AWB module to firmware version 11.44 or later.
Climatix POL909 (AWM module)
HOTFIX: Update the Climatix POL909 AWM module to firmware version 11.36 or later.
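To turn the affected-versions table above into a fleet check, here is an added inventory triage script (not part of the advisory or any vendor tool). It takes the AWB < V11.44 and AWM < V11.36 thresholds from this page, parses firmware strings numerically so that V11.9 is correctly treated as older than V11.44, and reports which devices still need the hotfix. The inventory records and hostnames are constructed sample data.

```python
import re

# Fixed firmware versions from the advisory's affected-products table,
# keyed by module type. Stored as numeric tuples for correct comparison.
FIXED_VERSIONS = {
    "AWB": (11, 44),
    "AWM": (11, 36),
}

def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'V11.36' or '11.44' into a tuple of ints.

    Numeric comparison matters: as strings, '11.9' sorts after '11.44',
    which would wrongly mark an old V11.9 build as patched.
    """
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_vulnerable(module: str, version: str) -> bool:
    """True if this module type is running firmware below its fixed version."""
    key = module.upper()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown Climatix POL909 module type: {module!r}")
    return parse_version(version) < FIXED_VERSIONS[key]

def triage(inventory: list[dict]) -> list[tuple[str, str, str, str]]:
    """Return (host, module, firmware, action) for every device in the inventory."""
    rows = []
    for dev in inventory:
        if is_vulnerable(dev["module"], dev["firmware"]):
            major, minor = FIXED_VERSIONS[dev["module"].upper()]
            action = f"HOTFIX: update to V{major}.{minor} or later"
        else:
            action = "no action"
        rows.append((dev["host"], dev["module"], dev["firmware"], action))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "bms-awb-01", "module": "AWB", "firmware": "V11.9"},
    {"host": "bms-awb-02", "module": "AWB", "firmware": "V11.44"},
    {"host": "bms-awm-01", "module": "AWM", "firmware": "V11.35"},
    {"host": "bms-awm-02", "module": "AWM", "firmware": "12.0"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<12} {:<4} {:<7} {}".format(*row))
```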
API: /api/v1/advisories/b92baa41-4534-4083-b0b2-66062fe9d4fe