Full Report
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, on SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in a way that lets them modify the corresponding server response packet at will, e.g., turning an “Access-Reject” message into an “Access-Accept”. This would cause the Network Access Server to grant the attackers access to the network with the attackers' desired authorization, without their needing to know or guess legitimate access credentials. Further details, including external references, can be found in the chapter “Additional Information”. Siemens has released new versions for several affected products and recommends updating to the latest versions and configuring the updated systems as recommended in the chapter “Additional Information”. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available. See chapter “Additional Information” for details.
Analysis Summary
# Vulnerability: Blast-RADIUS Protocol Forgery in Siemens SIPROTEC and SICAM
## CVE Details
- **CVE ID:** CVE-2024-3596
- **CVSS Score:** 8.1 (High)
- **CWE:** CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel (the MD5-based response authentication is the weak integrity check)
## Affected Systems
- **Products:**
  - SIPROTEC 5 Devices (including Compact and Communication Modules)
  - SICAM A8000 Series (CP-8000, CP-8021, CP-8022, CP-8031, CP-8050)
  - SICAM Q100 and Q200
  - SICAM P850 and P855
  - RUGGEDCOM Devices (using RADIUS for authentication)
- **Versions:** Multiple versions prior to the latest security updates. (Consult specific Siemens SIOS entries for granular versioning).
- **Configurations:** Systems configured to use the RADIUS protocol (UDP) for authentication and authorization without Message-Authenticator attributes or TLS/IPsec encapsulation.
## Vulnerability Description
The "Blast-RADIUS" vulnerability stems from a fundamental design flaw in the RADIUS protocol (RFC 2865): server responses are authenticated only by an MD5 hash computed over the packet and the shared secret. Because MD5 is susceptible to chosen-prefix collision attacks, an on-path attacker positioned between the Network Access Server (NAS) and the RADIUS server can act as a Man-in-the-Middle (MitM) and forge responses that the NAS accepts as genuine.
By manipulating the `Access-Request` forwarded to the server (the forged request fixes the `Request Authenticator` that the server's MD5 response hash covers) and computing an MD5 chosen-prefix collision fast enough to fit within the request/response window, the attacker can turn a genuine `Access-Reject` into a response that validates as an `Access-Accept`. This allows the attacker to gain unauthorized access to the device management interface with administrative privileges without possessing valid credentials.
## Exploitation
- **Status:** Proof of Concept (PoC) available; research publicly disclosed.
- **Complexity:** High (Requires on-path positioning and significant computational resources for real-time MD5 collisions).
- **Attack Vector:** Network (Adjacent or On-path).
## Impact
- **Confidentiality:** High (Full access to device configuration and data).
- **Integrity:** High (Ability to modify protection settings and device logic).
- **Availability:** High (Potential to disrupt critical infrastructure operations).
## Remediation
### Patches
Siemens has released updates for several product lines. Recommended versions include:
- **SICAM A8000 CP-8031/CP-8050:** Update to v21.20 or later.
- **SIPROTEC 5:** Update to v9.90 or later (where applicable).
- **Other Products:** Siemens is actively preparing further fix versions. Users should monitor the Siemens ProductCERT portal for specific firmware releases.
### Workarounds
- **Mandatory Message-Authenticator:** Configure RADIUS servers and clients to require the `Message-Authenticator` attribute in all packets.
- **Protocol Encapsulation:** Wrap RADIUS traffic in encrypted tunnels such as **RadSec** (RADIUS over TLS), **IPsec**, or **MACsec** to prevent packet manipulation.
- **Isolated Management Networks:** Ensure RADIUS traffic occurs over a dedicated, isolated management VLAN with restricted access to prevent MitM positioning.
## Detection
- **Indicators of Compromise:** Discrepancies between RADIUS server logs (showing Rejects) and device logs (showing successful logins).
- **Detection Methods:**
- Use Network Intrusion Detection Systems (NIDS) to identify RADIUS packets lacking the `Message-Authenticator` attribute.
- Monitor for unusually short time intervals between `Access-Request` and `Access-Accept` packets that might indicate automated forgery attempts.
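The Message-Authenticator workaround above and the NIDS check for packets lacking that attribute both reduce to the same validation. As an added example (not part of the Siemens advisory or any product code), the following Python checks a RADIUS response against the Request Authenticator of its Access-Request: it verifies the MD5 Response Authenticator that Blast-RADIUS defeats, reports whether a `Message-Authenticator` (attribute 80) is present, and verifies its HMAC-MD5 per RFC 2869. The shared secret, Request Authenticator and packets are constructed sample values.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def parse_attrs(body):
    """Yield (type, value, offset_in_body) per attribute; reject malformed lengths."""
    i = 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute at offset %d" % i)
        yield body[i], body[i + 2:i + body[i + 1]], i
        i += body[i + 1]

def check_response(pkt, request_auth, secret):
    """Return (has_message_authenticator, message_authenticator_ok, response_authenticator_ok)."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad RADIUS length")
    resp_auth, body = pkt[4:20], pkt[20:]
    # Response Authenticator (RFC 2865): MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    # This MD5-only check is the one Blast-RADIUS defeats with a chosen-prefix collision.
    expected = hashlib.md5(pkt[:4] + request_auth + body + secret).digest()
    resp_ok = hmac.compare_digest(expected, resp_auth)
    has_ma = ma_ok = False
    for t, v, off in parse_attrs(body):
        if t == MSG_AUTH and len(v) == 16:  # a wrongly sized attribute counts as absent
            has_ma = True
            # HMAC-MD5 keyed with the shared secret over Code+ID+Length+RequestAuth+Attributes,
            # with the Message-Authenticator value itself set to 16 zero bytes (RFC 2869 5.14).
            zeroed = body[:off + 2] + b"\x00" * 16 + body[off + 18:]
            mac = hmac.new(secret, pkt[:4] + request_auth + zeroed, hashlib.md5).digest()
            ma_ok = hmac.compare_digest(mac, v)
    return has_ma, ma_ok, resp_ok

def build_response(code, ident, attrs, request_auth, secret, with_ma):
    """Server-side construction of a signed response for the demo; attrs = [(type, value)]."""
    if with_ma:
        attrs = attrs + [(MSG_AUTH, b"\x00" * 16)]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_ma:
        body = body[:-16] + hmac.new(secret, hdr + request_auth + body, hashlib.md5).digest()
    return hdr + hashlib.md5(hdr + request_auth + body + secret).digest() + body

# Constructed sample values (not from any real deployment); code 2 = Access-Accept.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
ACCEPT_WITH_MA = build_response(2, 7, [(18, b"Hello")], REQ_AUTH, SECRET, True)
ACCEPT_WITHOUT_MA = build_response(2, 7, [(18, b"Hello")], REQ_AUTH, SECRET, False)
```

A NAS or monitoring sensor that treats `has_message_authenticator == False` as a policy violation implements the "mandatory Message-Authenticator" workaround; a valid Response Authenticator alone, as the second sample packet shows, is not evidence of an untampered response.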
## References
- **Siemens Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-794185[.]pdf
- **Blast-RADIUS Research:** hxxps://www[.]blastradius[.]info/
- **CERT/CC Vulnerability Note:** hxxps://www[.]kb[.]cert[.]org/vuls/id/454392