Siemens Family Security Update Advisory
Overview
Siemens has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-39888
- Mendix Encryption module versions: 10.0.0 (inclusive) ~ 10.0.2 (excluded)
CVE-2023-46280
- S7-PCT All
- Security Configuration Tool (SCT) All
- SIMATIC Automation Tool All
- SIMATIC BATCH V9.1 All
- SIMATIC NET PC Software V16, V17 All
- SIMATIC NET PC Software versions: ~ 18 SP1 (excluded)
- SIMATIC PCS 7 V9.1 All
- SIMATIC PDM V9.2 All
- SIMATIC Route Control V9.1 All
- SIMATIC STEP 7 V5 All
- SIMATIC WinCC OA V3.17 All
- SIMATIC WinCC OA version: ~ 3.18 (excluded)
- SIMATIC WinCC OA version: ~ 3.19 (excluded)
- SIMATIC WinCC Runtime Advanced All
- SIMATIC WinCC Runtime Professional version: ~ 16 (excluded)
- SIMATIC WinCC Runtime Professional V17 All
- SIMATIC WinCC Runtime Professional versions: ~ 18 (excluded)
- SIMATIC WinCC Runtime Professional versions: up to 19 (excluded)
- SIMATIC WinCC V7.4 All
- SIMATIC WinCC version: ~ 7.5 SP2 (excluded)
- SIMATIC WinCC version: ~ 8.0 (excluded)
- SINAMICS Startdrive versions: ~ 19 SP1 (excluded)
- SINUMERIK ONE virtual version: ~ 6.23 (excluded)
- SINUMERIK PLC Programming Tool All
- IA Portal Cloud Connector version: ~ 2.0 (excluded)
- Totally Integrated Automation Portal (TIA Portal) Version: ~ 18 (excluded)
- Totally Integrated Automation Portal (TIA Portal) V15.1 All
- Totally Integrated Automation Portal (TIA Portal) V16 All
- Totally Integrated Automation Portal (TIA Portal) V17 All
- Totally Integrated Automation Portal (TIA Portal) Versions: ~ 19 (excluded)
CVE-2024-39570, CVE-2024-39571
- SINEMA Remote Connect Server Version: ~3.2 HF1 (excluded)
CVE-2024-30321
- SIMATIC PCS 7 V9.1 All
- SIMATIC WinCC Runtime Professional V18 All
- SIMATIC WinCC Runtime Professional Version: ~19 (excluded)
- SIMATIC WinCC versions: ~ 7.4 (excluded)
- SIMATIC WinCC version: ~ 7.5 (excluded)
- SIMATIC WinCC versions: ~ 8.0 (excluded)
CVE-2024-39568, CVE-2024-39569, CVE-2024-39567
- SINEMA Remote Connect Client version: ~ 3.2 HF1 (excluded)
CVE-2022-45147
- SIMATIC PCS neo V4.0 All
- Totally Integrated Automation Portal (TIA Portal) V16, V17 All
- Totally Integrated Automation Portal (TIA Portal) Version: ~ 18 (excluded)
CVE-2024-37997
- JT Open Version: ~ 11.5 (excluded)
- PLM XML SDK version: ~ 7.1.0.014 (excluded)
CVE-2019-13946
- see references[16]
CVE-2023-32735
- Totally Integrated Automation Portal V16, V17, V18 All
CVE-2024-38867
- see references[20]
CVE-2022-32253
- SINEMA Remote Connect Server version: ~ 3.1 (excluded)
CVE-2022-32260
- SINEMA Remote Connect Server Version: ~ 3.2 SP1 (excluded)
CVE-2022-32252, CVE-2022-32258, CVE-2022-32254, CVE-2022-32261
- SINEMA Remote Connect Server version: ~ 3.1 (excluded)
CVE-2019-10936
- see references [28]
CVE-2024-39869, CVE-2024-39874, CVE-2024-39868, CVE-2024-39867, CVE-2024-39865, CVE-2024-39873, CVE-2024-39866, CVE-2024-39870, CVE-2022-32260, CVE-2024-39872
- SINEMA Remote Connect Server version: ~ 3.2 SP1 (excluded)
CVE-2017-12741
- SIMOCODE pro V EIP (including SIPLUS variant) Version: ~ 1.0.2 (excluded)
- see references[5]
- SINAMICS SM150i-2 w. SIMOTION D4xx for PROFINET (including SIPLUS variants) Version: ~ 4.4 HF26 (excluded)
- SINAMICS GH150 V4.7 w. PROFINET version: ~ 4.7 SP5 HF7 (excluded)
- SINAMICS GL150 V4.7 w. PROFINET version: ~ 4.8 SP2 (excluded)
- SINAMICS GM150 V4.7 w. PROFINET version: ~ 4.7 HF31 (excluded)
- SINAMICS SL150 V4.7.0 w. PROFINET version: ~ 4.7 HF30 (excluded)
- SINAMICS SL150 V4.7.4 w. PROFINET version: ~ 4.8 SP2 (excluded)
- SINAMICS GH150 V4.7.5 w. PROFINET version: ~ 4.8 SP2 (excluded)
- SINAMICS SM120 V4.7 w. PROFINET version: ~ 4.8 SP2 (excluded)
CVE-2022-40225
- SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) Version: ~ 2.4.8 (excluded)
- TIM 1531 IRC (6GK7543-1MX00-0XE0) Version: ~ 2.4.8 (excluded)
CVE-2023-32737
- Totally Integrated Automation Portal All
CVE-2023-52237, CVE-2024-38278, CVE-2024-39675
- see references[12]
CVE-2024-32056, CVE-2024-33653, CVE-2024-33654
- Simcenter Femap version: ~ 2406 (excluded)
Resolved Vulnerabilities
Vulnerability that could allow an attacker to decrypt all encrypted project data in projects where an individual EncryptionKey was not specified (CVE-2024-39888)
An out-of-bounds read vulnerability could be exploited to cause a blue screen of death (BSOD) crash of the underlying Windows kernel, resulting in a denial of service condition (CVE-2023-46280)
Vulnerabilities that could allow authenticated attackers to execute arbitrary code with root privileges by exploiting a command injection vulnerability due to missing server-side input sanitization when loading VxLAN configurations (CVE-2024-39570, CVE-2024-39571)
Vulnerability in the failure to properly handle certain requests to a web application, which could allow privileged information to be leaked (CVE-2024-30321)
A missing server-side input sanitization when a system service loads proxy configurations, which could allow commands to be injected (CVE-2024-39568, CVE-2024-39569, CVE-2024-39567)
Failure to properly restrict .NET BinaryFormatter when deserializing user-controlled input, which could allow an attacker to cause type confusion and execute arbitrary code within the affected application (CVE-2022-45147)
A stack-based overflow vulnerability that could occur while parsing crafted XML files (CVE-2024-37997)
Denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface (CVE-2019-13946)
Vulnerability in .NET BinaryFormatter not properly constrained when deserializing hardware configuration profiles, which could allow an attacker to cause type confusion and execute arbitrary code within an affected application (CVE-2023-32735)
Support for weak ciphers on multiple ports (443/tcp for web, 4443/tcp for DIGSI 5, and a configurable port for syslog over TLS), which could allow an unauthorized attacker in a man-in-the-middle position to read and modify all data sent to those ports (CVE-2024-38867)
A vulnerability that could allow passwords in OpenSSL certificates to be printed to an attacker-accessible file due to improper input validation (CVE-2022-32253)
A vulnerability in the creation of temporary user credentials for User Management Component (UMC) users that could allow an attacker to use these temporary credentials to bypass authentication in certain scenarios (CVE-2022-32260)
Vulnerability in which integrity checks for update packages are not performed, and without validation, administrators could be tricked into installing a malicious package and granting root privileges to an attacker (CVE-2022-32252)
A vulnerability in which device configuration could be obtained via certain endpoints, which an attacker could use to disclose this information (CVE-2022-32258)
Custom HTTP POST requests could force an application to write the status of a given user to a log file, which could expose sensitive user information that could provide valuable instructions to an attacker (CVE-2022-32254)
An APT update contained malformed configuration, which could allow an attacker to add insecure packages to the application (CVE-2022-32261)
Vulnerability that could allow an unauthenticated remote attacker to trigger a denial of service condition due to improper handling of a large number of specially crafted UDP packets (CVE-2019-10936)
Vulnerability that could allow an authenticated attacker to upload a crafted certificate leading to a persistent denial of service condition (CVE-2024-39869)
A vulnerability in a client communication component that did not properly implement protection against brute force attacks on user credentials, which could allow an attacker to determine user credentials that are vulnerable to brute force attacks (CVE-2024-39874)
Vulnerability in the web interface that does not properly validate authentication when performing certain actions, allowing an unauthenticated attacker to access and edit VxLAN configuration information on an unauthorized network (CVE-2024-39868, CVE-2024-39867)
Vulnerability allowing users to upload encrypted backup files, which could allow an attacker to upload malicious files, leading to remote code execution (CVE-2024-39865)
Vulnerability in which the API did not properly implement protection against brute force attacks on user credentials, which could allow an attacker to determine user credentials vulnerable to brute force attacks (CVE-2024-39873)
Vulnerability that allows users to upload encrypted backup files, which could allow an attacker to create a user with administrator privileges (CVE-2024-39866)
Vulnerability in which the application could be configured to allow users to manage their own users, allowing them to modify users outside their scope and expand their privileges (CVE-2024-39870)
Vulnerability in the creation of temporary user credentials for User Management Component (UMC) users, which could allow attackers to bypass authentication (CVE-2022-32260)
Failure to properly assign permissions to temporary files created during the update process, which could allow an authenticated attacker with the ‘Manage Firmware Update’ role to escalate privileges at the base OS level (CVE-2024-39872)
Vulnerability that could cause a denial of service condition when specially crafted packets are sent to port 161/udp (CVE-2017-12741)
Casting an internal value could cause a floating-point exception under certain circumstances (CVE-2022-40225)
Vulnerability in which .NET BinaryFormatter is not properly restricted when deserializing user-controlled input, which could allow an attacker to cause type confusion and execute arbitrary code (CVE-2023-32737)
A vulnerability that allows low-privileged users to access the hashes and password salts of all system users, including administrative users (CVE-2023-52237)
Vulnerability in some configurations that could allow affected products to incorrectly enable Modbus services on unmanaged VLANs (CVE-2024-39675)
Vulnerability in parsing a specially crafted IGS part file that contained an out-of-bounds write beyond the end of the allocated buffer, which could allow an attacker to execute code in the context of the current process (CVE-2024-32056)
Vulnerability in parsing a specially crafted BMP file that contained an out-of-bounds read beyond the end of the allocated structure, which could allow an attacker to execute code in the context of the current process (CVE-2024-33653, CVE-2024-33654)
Vulnerability Patches
Patches for the vulnerabilities have been made available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-39888
- Mendix Encryption module version: 10.0.2 and later
CVE-2023-46280
S7-PCT
Currently no fix is available
Security Configuration Tool (SCT)
Currently no fix is available
SIMATIC Automation Tool
Currently no fix is available
SIMATIC BATCH V9.1
Currently no fix is available
SIMATIC NET PC Software V16, V17
Currently no fix is available
SIMATIC NET PC Software version: 18 SP1 and later
SIMATIC PCS 7 V9.1
Currently no fix is available
SIMATIC PDM V9.2
Currently no fix is available
SIMATIC Route Control V9.1
Currently no fix is available
SIMATIC STEP 7 V5
Currently no fix is available
SIMATIC WinCC OA V3.17
Currently no fix is available
SIMATIC WinCC OA version: 3.18 P025 and later
SIMATIC WinCC OA version: 3.19 P010 and later
SIMATIC WinCC Runtime Advanced
Currently no fix is available
SIMATIC WinCC Runtime Professional Version: 16 and later
SIMATIC WinCC Runtime Professional V17
Currently no fix is available
SIMATIC WinCC Runtime Professional versions: 18 and later
SIMATIC WinCC Runtime Professional versions: 19 and later
SIMATIC WinCC V7.4
Currently no fix is available
SIMATIC WinCC Version: 7.5 SP2 and later
SIMATIC WinCC version: 8.0 and later
SINAMICS Startdrive version: 19 SP1 and later
SINUMERIK ONE virtual version: 6.23 and later
SINUMERIK PLC Programming Tool
Currently no fix is available
IA Portal Cloud Connector version: 2.0 and later
Totally Integrated Automation Portal (TIA Portal) version: 18 and later
Totally Integrated Automation Portal (TIA Portal) V15.1, V16, V17
Currently no fix is available
Totally Integrated Automation Portal (TIA Portal) Versions: 19 and later
CVE-2024-39570, CVE-2024-39571
- SINEMA Remote Connect Server version: 3.2 HF1 and later
CVE-2024-30321
SIMATIC PCS 7 versions: WinCC 7.5 SP2 and later versions
SIMATIC WinCC Runtime Professional V18
Currently no fix is available
SIMATIC WinCC Runtime Professional version: 19 and later
SIMATIC WinCC version: 7.4 SP1 and later
SIMATIC WinCC version: 7.5 SP2 and later
SIMATIC WinCC version: 8.0 and later
CVE-2024-39568, CVE-2024-39569, CVE-2024-39567
- SINEMA Remote Connect Client versions: 3.2 HF1 and later
CVE-2022-45147
SIMATIC PCS neo V4.0
Currently no fix is planned
Totally Integrated Automation Portal (TIA Portal) V16, V17
Currently no fix is planned
Totally Integrated Automation Portal (TIA Portal) versions: 18 and later
CVE-2024-37997
- JT Open version: 11.5 and later
- PLM XML SDK version: 7.1.0.014 and later
CVE-2019-13946
- updated based on reference [16]
CVE-2023-32735
Totally Integrated Automation Portal V16, V17, V18
- do not open untrusted files from unknown sources in the affected products.
CVE-2024-38867
- updated based on reference [20]
CVE-2022-32253
- SINEMA Remote Connect Server versions: 3.1 and later
CVE-2022-32260
- SINEMA Remote Connect Server version: 3.2 SP1 and later
CVE-2022-32252, CVE-2022-32258, CVE-2022-32254, CVE-2022-32261
- SINEMA Remote Connect Server versions: 3.1 and later
CVE-2019-10936
- updated based on reference [28]
CVE-2024-39869, CVE-2024-39874, CVE-2024-39868, CVE-2024-39867, CVE-2024-39865, CVE-2024-39873, CVE-2024-39866, CVE-2024-39870, CVE-2022-32260, CVE-2024-39872
- SINEMA Remote Connect Server versions: 3.2 SP1 and later
CVE-2017-12741
- SIMOCODE pro V EIP (including SIPLUS variant) Version: 1.0.2
- see references[5] for updates
- SINAMICS SM150i-2 w. SIMOTION D4xx for PROFINET (including SIPLUS variant) version: 4.4 HF26
- SINAMICS GH150 V4.7 w. PROFINET version: 4.7 SP5 HF7 or 4.8 SP2
- SINAMICS GL150 V4.7 w. PROFINET version: 4.8 SP2
- SINAMICS GM150 V4.7 w. PROFINET version: 4.7 HF31 or 4.8 SP2
- SINAMICS SL150 V4.7.0 w. PROFINET version: 4.7 HF30 or 4.8 SP2
- SINAMICS SL150 V4.7.4 w. PROFINET version: 4.8 SP2
- SINAMICS GH150 V4.7.5 w. PROFINET version: 4.8 SP2
- SINAMICS SM120 V4.7 w. PROFINET version: 4.8 SP2
CVE-2022-40225
- SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) versions: 2.4.8 and later
- TIM 1531 IRC (6GK7543-1MX00-0XE0) versions: 2.4.8 and later
CVE-2023-32737
- Totally Integrated Automation Portal Version: 18 and later
CVE-2023-52237, CVE-2024-38278, CVE-2024-39675
- see references[12] for updates
CVE-2024-32056, CVE-2024-33653, CVE-2024-33654
- Simcenter Femap versions: 2406 and later
References
[1] CVE-2024-39888 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39888
[2] SSA-998949
https://cert-portal.siemens.com/productcert/html/ssa-998949.html
[3] CVE-2023-46280 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-46280
[4] SSA-962515
https://cert-portal.siemens.com/productcert/html/ssa-962515.html
[5] CVE-2024-39570, CVE-2024-39571 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39570
https://nvd.nist.gov/vuln/detail/CVE-2024-39571
[6] SSA-928781
https://cert-portal.siemens.com/productcert/html/ssa-928781.html
[7] CVE-2024-30321 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-30321
[8] SSA-883918
https://cert-portal.siemens.com/productcert/html/ssa-883918.html
[9] CVE-2024-39568, CVE-2024-39569, CVE-2024-39567 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39568
https://nvd.nist.gov/vuln/detail/CVE-2024-39569
https://nvd.nist.gov/vuln/detail/CVE-2024-39567
[10] SSA-868282
https://cert-portal.siemens.com/productcert/html/ssa-868282.html
[11] CVE-2022-45147 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-45147
[12] SSA-825651
https://cert-portal.siemens.com/productcert/html/ssa-825651.html
[13] CVE-2024-37997 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-37997
[14] SSA-824889
https://cert-portal.siemens.com/productcert/html/ssa-824889.html
[15] CVE-2019-13946 Detail
https://nvd.nist.gov/vuln/detail/CVE-2019-13946
[16] SSA-780073
https://cert-portal.siemens.com/productcert/html/ssa-780073.html
[17] CVE-2023-32735 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-32735
[18] SSA-779936
https://cert-portal.siemens.com/productcert/html/ssa-779936.html
[19] CVE-2024-38867 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38867
[20] SSA-750499
https://cert-portal.siemens.com/productcert/html/ssa-750499.html
[21] CVE-2022-32253 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-32253
[22] SSA-484086
https://cert-portal.siemens.com/productcert/html/ssa-484086.html
[23] CVE-2022-32260 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-32260
[24] SSA-381581
https://cert-portal.siemens.com/productcert/html/ssa-381581.html
[25] CVE-2022-32252, CVE-2022-32258, CVE-2022-32254, CVE-2022-32261 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-32252
https://nvd.nist.gov/vuln/detail/CVE-2022-32258
https://nvd.nist.gov/vuln/detail/CVE-2022-32254
https://nvd.nist.gov/vuln/detail/CVE-2022-32261
[26] SSA-484086
https://cert-portal.siemens.com/productcert/html/ssa-484086.html
[27] CVE-2019-10936 Detail
https://nvd.nist.gov/vuln/detail/CVE-2019-10936
[28] SSA-473245
https://cert-portal.siemens.com/productcert/html/ssa-473245.html
[29] CVE-2024-39869, CVE-2024-39874, CVE-2024-39868, CVE-2024-3986, CVE-2024-3986, CVE-2024-39865, CVE-2024-39873, CVE-2024-39866, CVE-2024-39870, CVE-2022-32260, CVE-2024-39872 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39869
https://nvd.nist.gov/vuln/detail/CVE-2024-39874
https://nvd.nist.gov/vuln/detail/CVE-2024-39868
https://nvd.nist.gov/vuln/detail/CVE-2024-39867
https://nvd.nist.gov/vuln/detail/CVE-2024-39865
https://nvd.nist.gov/vuln/detail/CVE-2024-39873
https://nvd.nist.gov/vuln/detail/CVE-2024-39866
https://nvd.nist.gov/vuln/detail/CVE-2024-39870
https://nvd.nist.gov/vuln/detail/CVE-2022-32260
https://nvd.nist.gov/vuln/detail/CVE-2024-39872
[30] SSA-381581
https://cert-portal.siemens.com/productcert/html/ssa-381581.html
[31] CVE-2017-12741 Detail
https://nvd.nist.gov/vuln/detail/CVE-2017-12741
[32] SSA-141614
https://cert-portal.siemens.com/productcert/html/ssa-141614.html
[33] SSA-346262
https://cert-portal.siemens.com/productcert/html/ssa-346262.html
[34] SSA-546832
https://cert-portal.siemens.com/productcert/html/ssa-546832.html
[35] CVE-2022-40225 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-40225
[36] SSA-337522
https://cert-portal.siemens.com/productcert/html/ssa-337522.html
[37] CVE-2023-32737 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-32737
[38] SSA-313039
https://cert-portal.siemens.com/productcert/html/ssa-313039.html
[39] CVE-2023-52237, CVE-2024-38278, CVE-2024-39675 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-52237
https://nvd.nist.gov/vuln/detail/CVE-2024-38278
https://nvd.nist.gov/vuln/detail/CVE-2024-39675
[40] SSA-170375
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
[41] CVE-2024-32056, CVE-2024-33653, CVE-2024-33654 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-32056
https://nvd.nist.gov/vuln/detail/CVE-2024-33653
https://nvd.nist.gov/vuln/detail/CVE-2024-33654
[42] SSA-064222
https://cert-portal.siemens.com/productcert/html/ssa-064222.html