How to find Siemens devices on your network

Latest Siemens vulnerabilities: SCALANCE and RUGGEDCOM products

Siemens has disclosed multiple vulnerabilities for a variety of products and devices, including the SCALANCE and RUGGEDCOM product lines.

  • CVE-2024-41976 is rated high, with a CVSS score of 7.2, and allows an authenticated attacker to execute arbitrary code by submitting invalid VPN configuration data.
  • CVE-2024-41977 is rated high, with a CVSS score of 7.1, and allows an attacker to escalate their privileges due to devices not properly enforcing user session isolation.
  • CVE-2024-41978 is rated high, with a CVSS score of 6.5, and allows an authenticated attacker to forge 2FA tokens of other users due to devices storing sensitive 2FA information in log files on disk.
  • CVE-2024-44321 is rated medium, with a CVSS score of 2.7, and allows an unauthenticated attacker to cause a denial-of-service by sending large input data.

What is the impact?

Successful exploitation of these vulnerabilities would allow an authenticated attacker to remotely execute code, escalate their privileges, or forge other users' credentials. The first three require the attacker to be authenticated before they can be exploited.

The last vulnerability has a lower score, but the device would still need to be restarted if the denial-of-service condition were triggered.

Are updates or workarounds available?

Siemens recommends upgrading all affected devices to firmware V8.1 or later. Additionally, users should ensure these devices are isolated in their own networks to prevent unwanted network traffic to the device.

How to find potentially vulnerable systems with runZero

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:"RUGGEDCOM" OR hw:"SCALANCE" OR hw:"LOGO"

CVE-2024-35292 – SIMATIC S7-200 SMART Devices (July 2024)

In July 2024, Siemens disclosed a vulnerability in their SIMATIC S7-200 SMART Devices.

CVE-2024-35292 is rated high, with a CVSS score of 8.2. It allowed attackers to predict IP ID sequence numbers as the basis of an attack, which could eventually allow them to create a denial-of-service condition.

What was the impact?

Successful exploitation of this vulnerability would allow an attacker to cause a denial-of-service condition.

Are updates or workarounds available?

The only workaround was to restrict access to the network where the affected products were located by introducing strict access control mechanisms.

How runZero users found potentially vulnerable systems

From the Asset Inventory, runZero users applied the following query to locate systems running potentially vulnerable software:

hw:SIMATIC

SENTRON, SCALANCE, and RUGGEDCOM vulnerabilities (March 2024)

In March 2024, Siemens released security advisories for a variety of products and devices, including the SENTRON, SCALANCE, and RUGGEDCOM product lines.

Several of the vulnerabilities had CVSS scores in the 7.0 to 8.9 range (high) and several more in the 9.0 to 10.0 range (critical).

For the full list of vulnerabilities, you can consult Siemens ProductCERT.

What was the impact?

Several of these vulnerabilities allowed for unauthenticated remote code execution, allowing for compromise of the vulnerable systems. Other vulnerabilities could lead to privilege escalation, information disclosure, or denial of service. Users were urged to upgrade as quickly as possible. Siemens released updates via a variety of channels. See Siemens ProductCERT for details.

How runZero users found potentially vulnerable systems

From the Asset Inventory, runZero users applied the following query to locate Siemens assets that were potentially vulnerable:

hardware:Siemens OR hardware:RuggedCom

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Third-party reviews: Tailscale alternatives and competitors

With the rise in cyber-attacks, choosing the right tool to protect your organization is crucial. The best tool for you depends on the features you need, your IT team’s capabilities, budget, and other factors. Tailscale is one option offering Zero Trust Network Access (ZTNA) features. This article reviews Tailscale’s competitors and alternatives, comparing secure network access solutions and VPNs with other popular options.

Overview of Tailscale

Tailscale focuses on securely connecting users, services, and devices for remote access. It uses WireGuard, an open-source protocol, to create secure VPN connections. Due to its high-speed cryptography and integration within the Linux kernel, WireGuard is faster than older protocols like IPsec and OpenVPN.

While some users see Tailscale’s B2C offering as just a more user-friendly version of WireGuard, its offering for organizations includes additional features. Tailscale’s Zero Trust features and VPN support remote work and protect segmented networks.

Most mentioned product strengths

Tailscale has several notable features that make it popular for remote access and network security:

  1. WireGuard protocol which ensures fast and secure connections

  2. Multi-factor authentication makes systems more secure

  3. End-to-end encryption protects network traffic

  4. Device sharing feature helps in troubleshooting

Most mentioned overall product benefits of Tailscale

Here’s what users enjoy about the software:

  1. Easy to set up

  2. User-friendly

  3. Fast because it uses WireGuard

  4. Offers a free trial

Tailscale’s limitations

Tailscale’s limitations, according to the review platforms, are:

  1. Limited security and compliance features for enterprise needs

  2. Payment by invoice is only available for the Enterprise plan

  3. Requires opening ports on corporate firewalls

Let’s look now at Tailscale alternatives.

Disclaimer: This product review is based on information provided on VPN review sites and forum social networks such as G2 and Reddit and assessed customer feedback shared on these platforms, accessed on August 5, 2024.

NordLayer

Overview of NordLayer

NordLayer is a network protection solution that provides secure access to company resources from anywhere. It boosts network security, supports remote work, and helps achieve compliance. NordLayer is a multi-layered network protection tool from Nord Security, the creators of NordVPN, a widely used VPN service.

NordLayer helps organizations adopt Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) principles, focusing on the Secure Service Edge (SSE). It provides SaaS security features for internet, resource, and network access control.

NordLayer is flexible and scalable, making it a good fit for businesses of all sizes.

Product strengths

The solution enhances network security with several capabilities:

  1. ZTNA features, such as Cloud Firewall, Device Posture Security, Virtual Private Gateways, etc., allow only authorized users and devices to access the network

  2. Encryption and a set of SWG features for safe browsing, like DNS filtering and ThreatBlock, make internet access more secure

  3. Establishes a reliable remote connection to hybrid networks and remote devices, enabling secure remote work

  4. Offers strong identity and access management solutions that include Multi-Factor Authentication (MFA), Single Sign-On (SSO), and user provisioning

Product benefits of NordLayer

The solution’s strengths include:

  1. Easy integration with the existing infrastructure

  2. Fast setup (only 10 minutes)

  3. User-friendly Control Panel

  4. Requires no hardware and is easy to maintain

  5. Offers 14-day money-back guarantee

Unique offering of NordLayer

NordLayer provides unique advantages that differentiate it from its competitors.

  1. High-performance 24/7 support available with all plans

  2. Proactive help during onboarding, troubleshooting, and scaling

  3. Browser Extension for better performance and extended secure device perimeter

  4. ThreatBlock, protecting against malicious sites

  5. Quarterly follow-ups for better product usage and adoption

  6. Customer-centric product development with client feedback shaping the roadmap

  7. NordLynx protocol, built around the WireGuard® protocol. It uses a double Network Address Translation system, allowing secure connections to VPN servers without storing any identifiable data

NordLayer’s limitations

NordLayer has some limitations:

  1. It can be expensive for smaller businesses

  2. Requires a minimum of 5 seats

  3. Specialized providers may be more affordable for customers needing only one function

NordLayer reviews

For an objective product evaluation, we will consult major VPN review sites such as Gartner, Capterra, and Cybernews and analyze client feedback from these sources.

Here’s what users appreciate about NordLayer:

For details on NordLayer’s secure network access features and plans, check our pricing.

GoodAccess

Overview of GoodAccess

GoodAccess positions itself as ‘Zero Trust Architecture as a Service’ for small and medium enterprises. The tool offers a software-defined perimeter, business VPN, secure web gateway, Zero Trust Network Access, remote access VPN, and security compliance.

Most mentioned product strengths

Here’s what users mentioned most in their positive reviews:

  1. VPN

  2. Static IP addresses

  3. Cloud-based platform

  4. Secure access from any physical location

Most mentioned overall product benefits of GoodAccess

GoodAccess provides several benefits:

  1. Ease of use

  2. Simple implementation

  3. Strong customer support

  4. Reliable

GoodAccess’s limitations

Users also weren’t happy about these things:

  1. High price

  2. Only one mobile device and one tablet/PC can use the connection at a time

  3. Limited features

  4. Lacking reporting capabilities

  5. High scaling costs when adding extra gateways

  6. Viewing credentials in the account management portal resets the user’s password

Disclaimer: This product review is based on information provided on VPN review sites such as Gartner, Capterra and G2 and assessed customer feedback shared on these platforms, accessed on August 5, 2024.

Twingate

Overview of Twingate

Twingate uses Zero Trust to improve remote access security, offering a safer alternative to traditional VPNs. It is easy to set up and manage. Twingate supports remote teams and offers responsive customer support to meet secure access needs.

Most mentioned product strengths

Twingate offers several capabilities to enhance network security:

  1. Provides Zero Trust Network Access (ZTNA) features and Secure Web Gateway (SWG)

  2. Granular control of access and visibility into who accesses the network

  3. Detailed Access Control Lists control permissions

Most mentioned overall product benefits of Twingate

Twingate offers several benefits:

  1. Easy to implement, use, and manage; no networking knowledge required

  2. Transparent routing and access for end users

Twingate’s limitations

Twingate has some weaknesses:

  1. Sometimes causes disruptions for users; stability needs improvement

  2. No Linux VPN client, only supports MacOS

  3. Admin interface needs better UX design

Disclaimer: This product review is based on information provided on VPN review sites such as Gartner, Reddit and G2 and assessed customer feedback shared on these platforms, accessed on August 5, 2024.

OpenVPN

Overview of OpenVPN

OpenVPN is a popular open-source VPN solution known for its flexibility and security. Widely used by businesses, it helps to secure remote access by encrypting network traffic and protecting privacy. It allows employees to access main office systems remotely.

Most mentioned product strengths

OpenVPN offers several capabilities:

  1. Secure remote access

  2. Strong encryption

  3. Additional features, like connection stats and connecting via URL

Most mentioned overall product benefits of OpenVPN

OpenVPN provides several benefits.

  1. Trusted by many businesses

  2. Well-written documentation

OpenVPN’s limitations

OpenVPN has some weaknesses.

  1. Slower than the WireGuard protocol

  2. Confusing admin GUI

  3. High cost for advanced features

  4. Difficult to reset multi-factor authentication for users who lose their phone

  5. Lacks additional ZTNA features, making it less comprehensive for businesses needing advanced solutions

Disclaimer: This product review is based on information provided on VPN review sites such as G2 and Capterra and assessed customer feedback shared on these platforms, accessed on August 5, 2024.

Different circumstances — different scenarios

Choosing the right solution for securing local networks and protecting your team can be challenging. Decision-makers often struggle with where to begin.

NordLayer offers a Decision Maker’s Kit, a free resource designed to help you build a strategy for selecting the most suitable solution for your organization. This kit provides step-by-step guidance from start to finish, ensuring you make an informed decision.

Disclaimer: The information in this article is provided for informational purposes only, is based on publicly available third-party reviews, user feedback, and online sources accessed on August 5, 2024, and should not be considered definitive or permanent. While we strive for accuracy and completeness, Nord Security Inc. and its affiliates make no guarantees regarding the information’s accuracy, completeness, or suitability. We do not undertake, warrant or represent that any product, or its feature, is or will remain publicly regarded as better or worse than other options, serve any purpose, has mentioned features, benefits, strengths, and limitations for any period of time. Product features, pricing, and other details may change, and we advise readers to verify these directly with vendors. We disclaim liability for any errors, omissions, or actions taken based on this information. The inclusion of competitor products does not imply affiliation, or endorsement, and all trademarks mentioned are the property of their respective owners. Readers should conduct their own research and seek independent advice before making purchasing decisions.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Protecting SMBs: The Vital Role of MSPs in Combating Browser Hijacking Malware

Key Takeaways

  • Proactive Monitoring and Patching: Understand the critical importance of regular system updates and patch management to close vulnerabilities and prevent malware infections.
  • Advanced Security Solutions: Learn why traditional antivirus software is no longer sufficient and how advanced security measures like MDR can better protect SMBs from sophisticated threats.
  • Incident Response and Education: Discover the value of having a well-defined incident response plan and how ongoing employee education can reduce the risk of successful cyber-attacks.

Recently, a significant vulnerability was uncovered where a widespread malware campaign managed to force-install malicious Chrome and Edge browser extensions on over 300,000 devices. This campaign not only hijacked browsers but also disabled security updates and patched critical DLL files, leaving systems vulnerable to further exploitation. As small and medium-sized businesses (SMBs) continue to be prime targets for such sophisticated attacks, the role of Managed Service Providers (MSPs) has never been more crucial. MSPs are on the frontline, ensuring that SMBs maintain secure, up-to-date systems that can withstand emerging cyber threats.

Understanding the Threat

The malware, as identified by ReasonLabs, is a highly invasive threat that begins with victims unknowingly downloading malicious software from fake websites. These downloads are promoted via malvertising and are cleverly disguised as legitimate tools like video downloaders or password managers. Once installed, the malware runs scripts that install malicious browser extensions, hijack search queries, steal browsing history, and disable browser security updates. By doing so, the malware not only disrupts the user experience but also opens the door to more severe breaches, such as data theft and unauthorized command execution on infected devices.

The most alarming aspect of this malware is its ability to modify core browser files and disable automatic updates. This means that once infected, the browser can no longer receive critical security patches, leaving it exposed to further vulnerabilities. This attack highlights the importance of proactive cybersecurity measures, particularly for SMBs that may lack the in-house expertise to manage such threats.
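One way a defender could check endpoints for force-installed extensions, as an added example that is not code from this article, ReasonLabs, or Guardz. It assumes the forced installs arrive through the browsers' documented ExtensionInstallForcelist policy keys (which the article does not confirm) and that `reg query` output for those keys has been collected from each endpoint; the sample output and the approved list are constructed.

```python
import re

# Policy keys from which Chrome and Edge read force-installed extensions.
FORCELIST_KEY = re.compile(
    r"\\Policies\\(Google\\Chrome|Microsoft\\Edge)\\ExtensionInstallForcelist$",
    re.IGNORECASE,
)
# A value line as printed by `reg query`: name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_SZ\s+(.+?)\s*$")
# Extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Update URLs of the official Chrome and Edge extension stores.
STORE_URLS = {
    "https://clients2.google.com/service/update2/crx",
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
}

def parse_forcelist(reg_output):
    """Yield (browser, extension_id, update_url) from `reg query` text."""
    browser = None
    for line in reg_output.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            m = FORCELIST_KEY.search(stripped)
            browser = m.group(1).split("\\")[-1] if m else None
            continue
        m = VALUE_LINE.match(line)
        if browser and m:
            # Policy data is "<extension id>" or "<extension id>;<update url>".
            ext_id, _, url = m.group(2).partition(";")
            yield browser, ext_id.strip(), url.strip()

def audit(reg_output, approved):
    """Return one finding per forced extension that needs a human look."""
    findings = []
    for browser, ext_id, url in parse_forcelist(reg_output):
        reasons = []
        if not EXT_ID.match(ext_id):
            reasons.append("malformed extension ID")
        if ext_id not in approved:
            reasons.append("not on approved list")
        if url and url not in STORE_URLS:
            reasons.append("update URL is not an official store")
        if reasons:
            findings.append({"browser": browser, "id": ext_id, "reasons": reasons})
    return findings

# Constructed sample: `reg query` output gathered from one endpoint.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx
    2    REG_SZ    ponmlkjihgfedcbaponmlkjihgfedcba;https://updates.example.invalid/crx

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist
    1    REG_SZ    aaaabbbbccccddddeeeeffffgggghhhh
"""
# Hypothetical list of extension IDs the MSP deploys on purpose.
APPROVED = {"abcdefghijklmnopabcdefghijklmnop"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding["browser"], finding["id"], "; ".join(finding["reasons"]))
```

An empty result means every forced extension is on the approved list and updates from an official store; on a machine the MSP does not manage by policy, any entry at all is worth investigating.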

The Role of MSPs in Protecting SMBs

MSPs are uniquely positioned to provide the expertise and resources needed to protect SMBs from such sophisticated threats. Here’s how MSPs can ensure their clients remain safe and secure:

  1. Regular System Monitoring and Patching
    MSPs should implement continuous monitoring systems that can detect unusual activities, such as unauthorized software installations or browser modifications. Regular patch management is also critical. By ensuring that all systems and software are up-to-date with the latest security patches, MSPs can close potential vulnerabilities before they are exploited by malicious actors.
  2. Educating and Training End Users
    Human error remains one of the most significant risks to cybersecurity. MSPs should provide ongoing training and education for SMB employees, teaching them how to recognize phishing attempts, avoid suspicious downloads, and follow best practices for online security. Awareness of the latest threats and common attack vectors can significantly reduce the likelihood of successful malware infiltration.
  3. Implementing Advanced Security Measures
    Traditional antivirus software is often insufficient against sophisticated malware campaigns that utilize obfuscation techniques to evade detection. MSPs should deploy advanced security solutions, such as endpoint detection and response (EDR) systems, which offer real-time monitoring and automatic remediation of threats. Additionally, incorporating Managed Detection and Response (MDR) services can provide continuous threat monitoring and rapid incident response. MDR services allow MSPs to leverage expert analysis and advanced tools to identify and mitigate threats before they can cause significant damage. Ensuring that web filtering and email security solutions are in place further enhances protection by preventing users from accessing malicious sites or downloading harmful attachments.
  4. Performing Regular Security Audits
    Regular security audits can help identify potential weaknesses in a client’s infrastructure. MSPs should conduct these audits to ensure that all security measures are functioning correctly and that there are no gaps that could be exploited by malware. This includes checking for outdated software, reviewing access controls, and ensuring that backups are properly configured and stored securely.
  5. Establishing Incident Response Protocols
    In the event of a security breach, having a well-defined incident response plan is essential. MSPs should work with their clients to develop and regularly update these protocols, ensuring that everyone knows their role in the event of an attack. Quick identification, containment, and remediation of the threat can significantly reduce the damage caused by a malware infection.

Practical Tips for SMBs

While MSPs provide invaluable support, SMBs can also take proactive steps to protect themselves:

  • Regularly Update Browsers and Software: Ensure that all browsers and software are kept up-to-date with the latest security patches. Even if an MSP manages your systems, encourage employees to report any update prompts they encounter.
  • Limit User Permissions: Restrict user permissions to prevent unauthorized software installations. Only allow administrators to install or modify software on company devices.
  • Use Multi-Factor Authentication (MFA): Implement MFA across all critical systems to add an extra layer of security. This makes it more difficult for attackers to gain access, even if they manage to steal login credentials.
  • Backup Data Regularly: Ensure that all critical data is regularly backed up and stored in a secure location. In the event of a ransomware attack or data breach, having access to backups can help recover information without paying a ransom.
  • Be Cautious with Downloads: Encourage employees to download software only from trusted sources and verify the legitimacy of any site before downloading.

Combat Browser Hijacking Malware

Having the right tools in place is crucial when it comes to combating this threat. Guardz is a one-stop, unified cybersecurity platform built especially for MSPs to protect their SMB clients. The Guardz browser extension ensures that clients and their employees are not exposed to malicious sites, web redirects, unsafe extensions, and more during their day-to-day internet activity.

Secure your client’s web browsers & schedule a demo with Guardz today! 

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.
