Share: Email | Twitter

ID

VDE-2024-013

Published

2024-02-13 08:00 (CET)

Last update

2024-02-12 09:27 (CET)

Vendor(s)

HIMA Paul Hildebrandt GmbH

Product(s)

Article No┬░ Product Name Affected Version(s)
F30 03X YY (COM) all variants <= 24.14
F30 03X YY (CPU) all variants <= 18.6
F35 03X YY (COM) all variants <= 24.14
F35 03X YY (CPU) all variants <= 18.6
F60 CPU 03X YY (COM) all variants <= 24.14
F60 CPU 03X YY (CPU) all variants <= 18.6
984867200 F-COM 01 <= 14.12
984867202 F-COM 01 coated <= 14.12
984866100 F-CPU 01 <= 14.6
984866102 F-CPU 01 coated <= 14.6
X-COM 01 E YY all variants <= 15.14
X-COM 01 YY all variants <= 14.12
985210211 X-CPU 01 <= 14.6
985210246 X-CPU 31 <= 14.6
985210207 X-SB 01 <= 7.54

Summary

CVE-2024-24781: If the above mentioned products are loaded with Wire speed (1Gbit/s or 100Mbit/s) the resources of the Ethernet-Controller are exhausted and it must be reset by the system automatically after load disappears. This leads to an interruption (DoS) of all other communications of the affected Ethernet-Controller.

CVE-2024-24782: Most of the above mentioned products offer a VLAN feature. This helps to segregate ports of the switch included in each of the products. VLAN are meant to segregate networks. Furthermore a MAC-learning mode called “conservative” is provided. In this mode the ARP table is updated earliest within 1..2 times ARP aging time.

X-SB 01 (985210207) is not affected by this CVE.



Vulnerabilities



Last Update
Feb. 8, 2024, 1:49 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary

An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. 

Last Update
Feb. 8, 2024, 1:49 p.m.
Weakness
Origin Validation Error (CWE-346)
Summary

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.

Impact

Please consult the above CVEs.

Solution

Mitigation

CVE-2024-24781: All load limiting measures are helpful (e.g. in external devices or also in the switch of the above mentioned products). Please check whether the reduced speed is still sufficient for the desired application. Protect the network with segregation measures and restrict the access of unauthorized network participants (e.g. close unused ports)

CVE-2024-24782: Switching the MAC-learning from “conservative” to “tolerant” mitigates the above described vulnerability but leads to potential IP-Spoofing and ARP-Poisoning and should therefore be avoided. HIMax and HIQuad X systems can be setup in the way that real physical segregation (between different modules) is used. E.g. it is impossible to ping from one X-COM to another X-COM in the same Rack. HIMatrix should be used in that way that CPU and COM are NOT connected via VLAN e.g. CPU connected to Port 1 and 2, COM Connected to Port 3 and 4.

Reported by

CERT@VDE coordinated with HIMA.

Many thanks to Dr. Martin Floeck and Michael Klassen from BASF who reported these vulnerabilities.