0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration Vulnerability
The following issue has been reported to Siemens ProductCERT in relation to Siemens Security Advisory SSA-603476, published on 2016-11-21. The issue has been treated with lower priority and treated outside the scope of SSA-603476 due to its lower security impact. As the finding is now addressed [1] the following details are published. ------------------------------------------------------------------------------ Summary: Inconsistency of IKEv1 cipher suite configuration Tested product: Siemens SIMATIC CP 343-1 Advanced (tested with fw V3.0.44) [note: other SIMATIC family products may be affected] Description: In the establishment of IPSec tunnels, the Internet Key Exchange (IKE) protocol allows to setup the Security Association (SA) necessary to exchange encryption cipher information and the session shared secret, with mutual authentication of the two parties. The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite configuration, which specifies the IKE and Encapsulating Security Payload (ESP) supported algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported ciphers that are eventually applied on the IPSec responder of the SIMATIC CP 343-1 Advanced. In fact, regardless of the selected choice for the ESP cipher, it is always possible for the IPSec client to propose, and successfully use, DES, 3DES, AES128 and AES256. This invalidates the potential desire to enforce a stronger cipher, as the client can always decide to use weaker ones. It should be noted that the NULL ESP cipher is also accepted when establishing the SA, however its usage leads to no response packets from the tunnel. It is speculated that the NULL cipher is forcibly disabled with a different code flow than normal unsupported cipher handling. Similarly the IKE cipher suite only supports 3DES (with SHA1 HMAC), regardless of its configuration on the SIMATIC CP 343-1 Advanced. Despite the possibility of IPSec tunnel establishment with cipher suites not compliant with the SIMATIC CP 343-1 Advanced intended configuration, the selection of weaker ciphers can only be driven by a mutually authenticated client, limiting the impact of the issue. It is nonetheless recommended to ensure a strong and correct IPSec client configuration, when leveraging the SIMATIC CP 343-1 Advanced VPN features. CVE: N/A Mitigation: Siemens ProductCERT reported on 2016-01-02 that the issue has been addressed with release of SCT V4.3 HF [1] Credit: Inverse Path auditors in collaboration with AIRBUS ICT Industrial Security team [1] https://support.industry.siemens.com/cs/ww/en/view/109744041 # 0day.today [2024-12-24] #