The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigations. That was in 2011. Nearly three years later, Siemens is pushing out a patch for a BEAST vulnerability in its Ruggedcom WIN WiMax platform.

The Ruggedcom WIN line comprises wireless base stations and subscriber stations and are designed to be secure and work in either fixed or mobile environments. On Tuesday, ICS-CERT posted an advisory, warning that several of the WIN products were vulnerable to a BEAST attack.

The flaw lies in the Web interface of the affected products, and Siemens has pushed out a firmware update that addresses the vulnerability.

“The SSL/TLS secured web interface of the affected products is vulnerable to the BEAST attack. As it uses SSL libraries, which are not compatible with 1/n-1 record splitting, some newer browser versions are not able to connect to the web interface,” the advisory says.

“An attacker who successfully exploits a system using this vulnerability may be able to access the session ID of the user’s current web session. If combined with a social engineering attack, the attacker may be able to read traffic exchanged between the user and the device.”

The affected products include WIN7000: all versions prior to v4.4, WIN7200: all versions prior to v4.4, WIN5100: all versions prior to v4.4, and WIN5200: all versions prior to v4.4, the advisory says.

The BEAST vulnerability in these products is remotely exploitable and ICS-CERT said that an attacker with middling skills would be able to exploit it. The update that Siemens released does not technically fix the vulnerability; instead, it enables the Web interface on the affected products to work with modern browsers that contain the BEAST mitigations.


Categories: Critical Infrastructure, Mobile Security, Vulnerabilities