Full Report
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blast-RADIUS”), a vulnerability in the RADIUS protocol, on SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to forge Access-Request packets in a way that enables them to modify the corresponding server response packet at will, e.g., turning an “Access-Reject” message into an “Access-Accept”. This would cause the Network Access Server to grant the attackers access to the network with the attackers’ desired authorization, without their needing to know or guess legitimate access credentials. Further details, including external references, can be found in the chapter “Additional Information”. Siemens has released new versions for several affected products and recommends updating to the latest versions and configuring the updated systems as recommended in the chapter “Additional Information”. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available. See the chapter “Additional Information” for details.
Analysis Summary
# Vulnerability: RADIUS Protocol Forgery (Blast-RADIUS) in SCALANCE and RUGGEDCOM
## CVE Details
- **CVE ID:** CVE-2024-3596
- **CVSS Score:** 8.1 (High)
- **CWE:** CWE-294: Authentication Bypass by Capture-replay
## Affected Systems
- **Products:**
  - SCALANCE Switches and Access Points (W-700, W-1700, X-200, X-300, XM-400, XR-500 series)
  - RUGGEDCOM Devices (RS, RM, RX series running ROS or ROX)
  - SINEC INS (Infrastructure Network Services)
  - SIMATIC NET CP (Communication Processors)
- **Versions:** Multiple versions across the industrial networking portfolio. Specifically, versions prior to those listed in the Siemens "Remediation" section.
- **Configurations:** Systems utilizing RADIUS over UDP for authentication (PAP, CHAP, or MS-CHAPv2) without mandatory Message-Authenticator attributes or TLS/IPsec encapsulation.
## Vulnerability Description
The vulnerability, known as **"Blast-RADIUS,"** stems from a design flaw in the RADIUS protocol (RFC 2865): the Response Authenticator that a client uses to validate server replies is an MD5 hash, and MD5 is vulnerable to chosen-prefix collisions. An on-path attacker who can intercept and modify an `Access-Request` can use such a collision so that the server's legitimate "Access-Reject" validates at the client (the SCALANCE/RUGGEDCOM device) as a forged `Access-Accept`. This bypasses authentication entirely and grants unauthorized network access.
## Exploitation
- **Status:** PoC available (Publicly documented research).
- **Complexity:** High (Requires on-path positioning and high-performance computing to generate collisions in real time).
- **Attack Vector:** Network (On-path / Man-in-the-Middle between the NAS and the RADIUS server).
## Impact
- **Confidentiality:** High (Unauthorized access to network resources).
- **Integrity:** High (Attacker can escalate privileges and modify network configurations).
- **Availability:** Low.
## Remediation
### Patches
Siemens is progressively releasing firmware updates for affected product lines. Key updates include:
- **SCALANCE W-700 / W-1700:** Update to v2.0 or later (where available).
- **SCALANCE X-200 / X-300:** Check Siemens portal for specific hardware sub-model updates.
- **SINEC INS:** Update to v1.0.3 or later.
- **RUGGEDCOM ROS:** Update to v5.8.0 or later.
- **RUGGEDCOM ROX:** Update to v2.17.0 or later.
### Workarounds
1. **Enforce Message-Authenticator:** Configure RADIUS servers and clients to require the `Message-Authenticator` attribute in all packets.
2. **Use RADIUS over TLS (RadSec):** Encapsulate RADIUS traffic in TLS to prevent interception and manipulation.
3. **IPsec Tunneling:** Use IPsec to secure the communication channel between the Network Access Server (NAS) and the RADIUS server.
4. **Network Segmentation:** Isolate management traffic to a dedicated VLAN with restricted access.
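The first workaround in practice, as an added example that is not Siemens' or the products' own code: a RADIUS client-side check (Python, standard library only) that validates both the RFC 2865 Response Authenticator and the RFC 2869 `Message-Authenticator` (HMAC-MD5 keyed with the shared secret) and refuses any response that lacks the attribute, which is the behaviour the workaround asks the NAS to enforce. The shared secret, packet contents and the `build_response` helper are constructed for the demonstration and do not come from the advisory.

```python
import hashlib
import hmac
import struct
MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869); Code 2 = Access-Accept

def attributes(packet):
    """Walk the attribute section; yield (type, value_offset, value)."""
    pos, end = 20, struct.unpack("!H", packet[2:4])[0]
    while pos < end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def build_response(code, ident, request_auth, attrs, secret, with_msg_auth=True):
    """Constructed server-side builder; with_msg_auth=False mimics a legacy server without the attribute."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if with_msg_auth:
        body += bytes([MSG_AUTH, 18]) + b"\x00" * 16   # value zeroed while computing the HMAC
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_msg_auth:
        # HMAC-MD5 keyed with the shared secret over Code+ID+Length+RequestAuth+Attributes
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret), RFC 2865
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def verify_response(response, request_auth, secret):
    """Return (response_auth_ok, message_auth_ok); the latter is None if the attribute is absent."""
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length != len(response):
        raise ValueError("bad length field")
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    resp_ok = hmac.compare_digest(expected, response[4:20])
    msg_ok = None
    for atype, off, value in attributes(response):
        if atype == MSG_AUTH and len(value) == 16:
            zeroed = bytearray(response)
            zeroed[4:20] = request_auth          # HMAC covers the Request Authenticator
            zeroed[off:off + 16] = b"\x00" * 16
            mac = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
            msg_ok = hmac.compare_digest(mac, value)
    return resp_ok, msg_ok

def accept_response(response, request_auth, secret):
    """Enforcing client policy (workaround 1): a missing or bad Message-Authenticator is a reject."""
    resp_ok, msg_ok = verify_response(response, request_auth, secret)
    return resp_ok and msg_ok is True
```

A legacy response that carries only the MD5 Response Authenticator still verifies under `verify_response` but is refused by `accept_response`, which is exactly the gap the workaround closes.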
## Detection
- **Indicators of Compromise:** Unusual successful logins following a failed login attempt from the same source; unexpected administrative changes.
- **Detection Methods:** Monitor network traffic for high volumes of RADIUS traffic indicating collision attempts; use IDS/IPS signatures designed to detect the Blast-RADIUS collision patterns.
## References
- **Siemens Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-723487[.]pdf
- **Blast-RADIUS Research:** hxxps://www[.]blastradius[.]info/
- **CERT/CC:** hxxps://www[.]kb[.]cert[.]org/vuls/id/454313