Siemens Product Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Siemens products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-35303

  • Tecnomatix Plant Simulation 2302 in versions 2302.0012 or below
  • Tecnomatix Plant Simulation 2404 in versions 2404.0001 or below

 

CVE-2023-48363, CVE-2023-48364

  • All versions of OpenPCS 7 9.1
  • All versions of SIMATIC BATCH 9.1
  • All versions of SIMATIC PCS 7 9.1
  • All versions of SIMATIC Route Control 9.1
  • All versions of SIMATIC WinCC Runtime Professional 18
  • SIMATIC WinCC Runtime Professional 19 Update 2 and earlier
  • All versions of SIMATIC WinCC 7.4
  • SIMATIC WinCC 7.5 SP2 Update 15 and earlier
  • SIMATIC WinCC 8.0 Update 4 and earlier

 

CVE-2023-44374

  • All versions of SCALANCE WAM763-1 (6GK5763-1AL00-7DA0)
  • All versions of SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0)
  • All versions of SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0)
  • All versions of SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0)
  • All versions of SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0)
  • All versions of SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0)
  • All versions of SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0)
  • All versions of SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0)
  • All versions of SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0)
  • All versions of SCALANCE WUM763-1 (6GK5763-1AL00-3AA0)
  • All versions of SCALANCE WUM763-1 (6GK5763-1AL00-3DA0)
  • All versions of SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0)
  • All versions of SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0)
  • All versions of SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0)
  • All versions of SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0)
  • All versions of SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0)

 

CVE-2024-33500

  • Mendix Applications using Mendix versions from 9.3.0 (inclusive) up to 9.24.22 (exclusive)
  • Mendix Applications using Mendix 10 versions earlier than 10.11.0
  • Mendix Applications using Mendix 10.6 versions earlier than 10.6.9

 

CVE-2024-35292

  • All versions of SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1)
  • All versions of SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0)
  • All versions of SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1)

 

CVE-2023-38524, CVE-2023-38530, CVE-2023-38526

  • Parasolid 34.1 versions earlier than 34.1.258
  • Parasolid 35.0 versions earlier than 35.0.254
  • Parasolid 35.1 versions earlier than 35.1.171
  • Teamcenter Visualization 14.1 versions earlier than 14.1.0.11
  • Teamcenter Visualization 14.2 versions earlier than 14.2.0.6
  • Teamcenter Visualization 14.3 versions earlier than 14.3.0.3

 

CVE-2023-38531

  • Parasolid 34.1 versions 34.1.258 or below
  • Parasolid 35.0 versions 35.0.254 or below
  • Parasolid 35.1 versions 35.1.184 or below
  • All versions of Teamcenter Visualization 14.1
  • Teamcenter Visualization 14.3 versions 14.3.0.9 or below
  • Teamcenter Visualization 2312 versions 2312.0004 or below

 

CVE-2023-38529

  • Parasolid 34.1 versions 34.1.258 or below
  • Parasolid 35.0 versions 35.0.254 or below
  • Parasolid 35.1 versions 35.1.184 or below
  • All versions of Teamcenter Visualization 14.1
  • All versions of Teamcenter Visualization 14.2
  • Teamcenter Visualization 14.3 versions 14.3.0.9 or below
  • Teamcenter Visualization 2312 versions 2312.0004 or below

 

CVE-2023-38527

  • Parasolid 34.1 versions 34.1.258 or below
  • Parasolid 35.0 versions 35.0.254 or below
  • All versions of Teamcenter Visualization 14.1
  • All versions of Teamcenter Visualization 14.2
  • Teamcenter Visualization 14.3 versions 14.3.0.9 or below
  • Teamcenter Visualization 2312 versions 2312.0004 or below

 

CVE-2024-35206, CVE-2024-35207, CVE-2024-35212, CVE-2024-35209, CVE-2024-35211

  • SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) 1.2 or below

 

CVE-2024-33495

  • SIMATIC RTLS Locating Manager (6GT2780-0DA00) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-0DA10) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-0DA20) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-0DA30) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-1EA10) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-1EA20) 3.0.1.1 or below
  • SIMATIC RTLS Locating Manager (6GT2780-1EA30) 3.0.1.1 or below

 

CVE-2024-36266

  • PowerSys 3.11 or below

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to type confusion while parsing a specially crafted MODEL file (CVE-2024-35303)

Denial of service vulnerability due to failure of the RPC communication protocol to properly handle certain unconfigured RPC messages (CVE-2023-48363, CVE-2023-48364)

Code injection and system root shell creation vulnerability due to failure to properly sanitize input fields (CVE-2023-44374)

Privilege escalation vulnerability via an application due to improper privilege management (CVE-2024-33500)

Denial of service vulnerability due to the use of predictable IP ID sequence numbers (CVE-2024-35292)

Arbitrary code execution vulnerability due to null pointer dereference while parsing a specially crafted X_T file (CVE-2023-38524)

Out-of-bounds read vulnerability while parsing a specially crafted X_T file (CVE-2023-38530, CVE-2023-38526, CVE-2023-38531, CVE-2023-38529, CVE-2023-38527)

Unauthorized access vulnerability due to failure to expire a session (CVE-2024-35206)

CSRF attack vulnerability in the web interface of affected devices (CVE-2024-35207)

Database entry access vulnerability due to lack of input validation (CVE-2024-35212)

Unauthorized file modification vulnerability due to the affected web server allowing HTTP methods such as PUT and DELETE (CVE-2024-35209)

Vulnerability in which the affected web server sets session cookies in the browser after a successful login without applying security attributes (“Secure”, “HttpOnly”, “SameSite”, etc.) (CVE-2024-35211)

Denial of service vulnerability due to not properly limiting the size of certain logs (CVE-2024-33495)

Privilege escalation vulnerability due to the affected application not sufficiently securing responses to authentication requests (CVE-2024-36266)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-35303

  • Tecnomatix Plant Simulation 2302.0012 or later
  • Tecnomatix Plant Simulation 2404.0001 or later

 

CVE-2023-48363, CVE-2023-48364

  • SIMATIC WinCC Runtime Professional 19 Update 2 or later
  • SIMATIC WinCC 7.5 SP2 Update 15 or later
  • SIMATIC WinCC 8.0 Update 4 or later

 

CVE-2023-44374

  • Follow the “WORKAROUNDS AND MITIGATIONS” section of Referenced Site [3]

 

CVE-2024-33500

  • Mendix Applications using Mendix 9.24.22 or later
  • Mendix Applications using Mendix 10.11.0 or later
  • Mendix Applications using Mendix 10.6.9 or later

 

CVE-2024-35292

  • Follow the “WORKAROUNDS AND MITIGATIONS” section of Referenced Site [5]

 

CVE-2023-38524, CVE-2023-38530, CVE-2023-38526

  • Parasolid 34.1.258 or later
  • Parasolid 35.0.254 or later
  • Parasolid 35.1.171 or later
  • Teamcenter Visualization 14.1.0.11 or later
  • Teamcenter Visualization 14.2.0.6 or later
  • Teamcenter Visualization 14.3.0.3 or later

 

CVE-2023-38531

  • Parasolid 34.1.258 or later
  • Parasolid 35.0.254 or later
  • Parasolid 35.1.184 or later
  • Teamcenter Visualization 14.3.0.9 or later
  • Teamcenter Visualization 2312.0004 or later

 

CVE-2023-38529

  • Parasolid 34.1.258 or later
  • Parasolid 35.0.254 or later
  • Parasolid 35.1.184 or later
  • Teamcenter Visualization 14.3.0.9 or later
  • Teamcenter Visualization 2312.0004 or later

 

CVE-2023-38527

  • Parasolid 34.1.258 or later
  • Parasolid 35.0.254 or later
  • Teamcenter Visualization 14.3.0.9 or later
  • Teamcenter Visualization 2312.0004 or later

 

CVE-2024-35206, CVE-2024-35207, CVE-2024-35212, CVE-2024-35209, CVE-2024-35211

  • SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) 1.2 or later

 

CVE-2024-33495

  • SIMATIC RTLS Locating Manager (6GT2780-0DA00) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-0DA10) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-0DA20) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-0DA30) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-1EA10) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-1EA20) 3.0.1.1 or later
  • SIMATIC RTLS Locating Manager (6GT2780-1EA30) 3.0.1.1 or later

 

CVE-2024-36266

  • PowerSys 3.11 or later

 

Referenced Sites

 

[1] SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2404.0001

https://cert-portal.siemens.com/productcert/html/ssa-900277.html

[2] SSA-753746: Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

https://cert-portal.siemens.com/productcert/html/ssa-753746.html#cves-section

[3] SSA-690517: Multiple Vulnerabilities in SCALANCE W700 802.11 AX Family

https://cert-portal.siemens.com/productcert/html/ssa-690517.html

[4] SSA-540640: Improper Privilege Management Vulnerability in Mendix Runtime

https://cert-portal.siemens.com/productcert/html/ssa-540640.html

[5] SSA-481506: Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices

https://cert-portal.siemens.com/productcert/html/ssa-481506.html

[6] SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization

https://cert-portal.siemens.com/productcert/html/ssa-407785.html

[7] SSA-196737: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2

https://cert-portal.siemens.com/productcert/html/ssa-196737.html

[8] SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0

https://cert-portal.siemens.com/productcert/html/ssa-093430.html

[9] SSA-024584: Authentication Bypass Vulnerability in PowerSys before V3.11

https://cert-portal.siemens.com/productcert/html/ssa-024584.html