Siemens Product Security Update Advisory

Overview

 

Updates have been released to address vulnerabilities in Siemens products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-46888, CVE-2024-46890

  • SINEC INS versions: ~ 1.0 SP2 Update 3 (excluded)

 

CVE-2023-32736

  • See Referenced Sites [2]

 

CVE-2024-50310

  • SIMATIC CP 1543-1 V4.0 versions: 4.0.44 (inclusive) ~ 4.0.50 (excluded)

 

CVE-2024-29119

  • Spectrum Power 7 versions: ~ 24Q3 (excluded)

 

CVE-2024-44102

  • See Referenced Sites [5]

 

CVE-2024-50557, CVE-2024-50572

  • See Referenced Sites [6]

 

CVE-2024-47940, CVE-2024-47941, CVE-2024-47942

  • Solid Edge SE2024 versions: ~ 224.0 Update 9 (excluded)

 

CVE-2024-47808

  • SINEC NMS versions: ~ 3.0 SP1 (excluded)

 

CVE-2024-36140

  • OZW672 versions: ~ 5.2 (excluded)
  • OZW772 versions: ~ 5.2 (excluded)

 

CVE-2024-47783

  • SIPORT versions: ~ 3.4.0 (excluded)

 

 

Resolved Vulnerabilities

 

User-supplied paths for SFTP-based file uploads and downloads were not properly sanitized, which could allow authenticated remote attackers to manipulate arbitrary files on the file system and execute arbitrary code on the device (CVE-2024-46888)

The web API does not properly validate input sent to certain endpoints, which could allow an authenticated remote attacker with elevated privileges on the application to execute arbitrary code on the underlying OS (CVE-2024-46890)

A vulnerability in the parsing of user-controlled input in user settings could allow an attacker to cause type confusion and execute arbitrary code within the affected application (CVE-2023-32736)

Permissions are not properly handled, allowing an unauthenticated remote attacker to access the file system (CVE-2024-50310)

Multiple root-owned SUID binaries are present, which could allow an authenticated local attacker to escalate privileges (CVE-2024-29119)

Insecure deserialization of user-supplied content could allow an unauthenticated attacker to execute arbitrary code on the device with SYSTEM privileges by sending a maliciously crafted serialized object (CVE-2024-44102)

The configuration field of the iperf function does not properly validate input, which could allow an unauthenticated, remote attacker to execute arbitrary code on the device (CVE-2024-50557)

Input fields were not properly sanitized, which could allow authenticated remote attackers with administrator privileges to inject code or create a system root shell (CVE-2024-50572)

Parsing a specially crafted PSM file can trigger an out-of-bounds read beyond the end of the allocated structure, which could allow an attacker to execute code in the context of the current process (CVE-2024-47940)

Parsing a specially crafted PAR file can trigger an out-of-bounds read beyond the end of an allocated structure, which could allow an attacker to execute code in the context of the current process (CVE-2024-47941)

A DLL hijacking vulnerability could allow an attacker to execute arbitrary code by placing a crafted DLL file on the system (CVE-2024-47942)

Database functionality does not properly restrict a user’s write permissions to the host system’s file system, which could allow an authenticated, medium-privilege attacker to write arbitrary content to all locations on the host system’s file system (CVE-2024-47808)

An XSS vulnerability in the User Accounts tab on OZW672 and OZW772 devices allows an authenticated remote attacker to inject malicious JavaScript code that executes as another authenticated user (CVE-2024-36140)

File permissions in the installation folder are improperly assigned, which could allow local attackers with unprivileged accounts to gain elevated privileges after overriding or modifying the service executable (CVE-2024-47783)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-46888, CVE-2024-46890

  • SINEC INS Version: 1.0 SP2 Update 3 or later version

 

CVE-2023-32736

  • See Referenced Sites [2] for updates

 

CVE-2024-50310

  • SIMATIC CP 1543-1 V4.0 version: 4.0.50 or later version

 

CVE-2024-29119

  • Spectrum Power 7 version: 24Q3 or later version

 

CVE-2024-44102

  • See Referenced Sites [5] for updates

 

CVE-2024-50557, CVE-2024-50572

  • See Referenced Sites [6] for updates

 

CVE-2024-47940, CVE-2024-47941, CVE-2024-47942

  • Solid Edge SE2024 version: 224.0 Update 9 or later version

 

CVE-2024-47808

  • SINEC NMS version: 3.0 SP1 or later version

 

CVE-2024-36140

  • OZW672 version: 5.2 or later version
  • OZW772 version: 5.2 or later version

 

CVE-2024-47783

  • SIPORT version: 3.4.0 or later version

 

 

Referenced Sites

 

[1] SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3

https://cert-portal.siemens.com/productcert/html/ssa-915275.html#cves-section

[2] SSA-871035: Session-Memory Deserialization Vulnerability in Siemens Engineering Platforms Before V19

https://cert-portal.siemens.com/productcert/html/ssa-871035.html

[3] SSA-654798: Incorrect Authorization Vulnerability in SIMATIC CP 1543-1 Devices

https://cert-portal.siemens.com/productcert/html/ssa-654798.html

[4] SSA-616032: Local Privilege Escalation Vulnerability in Spectrum Power 7 Before V24Q3

https://cert-portal.siemens.com/productcert/html/ssa-616032.html

[5] SSA-454789: Deserialization Vulnerability in TeleControl Server Basic V3.1

https://cert-portal.siemens.com/productcert/html/ssa-454789.html

[6] SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2

https://cert-portal.siemens.com/productcert/html/ssa-354112.html#cves-section

[7] SSA-351178: Multiple Vulnerabilities in Solid Edge Before SE2024 Update 9

https://cert-portal.siemens.com/productcert/html/ssa-351178.html#cves-section

[8] SSA-331112: Multiple Vulnerabilities in SINEC NMS Before V3.0 SP1

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

[9] SSA-230445: Stored XSS Vulnerability in OZW Web Servers Before V5.2

https://cert-portal.siemens.com/productcert/html/ssa-230445.html

[10] SSA-064257: Privilege Escalation Vulnerability in SIPORT Before V3.4.0

https://cert-portal.siemens.com/productcert/html/ssa-064257.html