NCSC | Beveiligingsadviezen
Bekijk RSS-feed

Beveiligingsadviezen

Download

Beveilingsadvies; NCSC-2025-0187 [1.0.0]

Beveiligingsadvies
NCSC-2025-0187 [1.0.0]
Publicatie
10-06-2025 15:11 (Europe/Amsterdam)
Prioriteit
Normaal
Betreft
Kwetsbaarheden verholpen in Siemens producten

Kenmerken

  • Use of NullPointerException Catch to Detect NULL Pointer Dereference
  • Insufficient Entropy in PRNG
  • Improper Verification of Source of a Communication Channel
  • Return of Pointer Value Outside of Expected Range
  • Detection of Error Condition Without Action
  • Premature Release of Resource During Expected Lifetime
  • Truncation of Security-relevant Information
  • CWE-310
  • Improper Check for Dropped Privileges
  • Signal Handler Race Condition
  • Improper Update of Reference Count
  • Incorrect Calculation of Buffer Size
  • Missing Critical Step in Authentication
  • Incorrect Provision of Specified Functionality
  • Improper Handling of Length Parameter Inconsistency
  • Privilege Chaining
  • Race Condition within a Thread
  • Improper Neutralization of Escape, Meta, or Control Sequences
  • Insertion of Sensitive Information Into Sent Data
  • Inefficient Algorithmic Complexity
  • CWE-371
  • Time-of-check Time-of-use (TOCTOU) Race Condition
  • Improper Locking
  • Missing Encryption of Sensitive Data
  • Improper Check or Handling of Exceptional Conditions
  • Use of Uninitialized Resource
  • Reachable Assertion
  • Improper Validation of Array Index
  • Buffer Underwrite ('Buffer Underflow')
  • Access of Resource Using Incompatible Type ('Type Confusion')
  • Insufficient Verification of Data Authenticity
  • Improper Validation of Integrity Check Value
  • Missing Cryptographic Step
  • Integer Overflow or Wraparound
  • Authentication Bypass by Spoofing
  • Improper Control of Resource Identifiers ('Resource Injection')
  • Improper Initialization
  • Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Out-of-bounds Read
  • Improper Resource Shutdown or Release
  • Improper Access Control
  • Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Use After Free
  • NULL Pointer Dereference
  • Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
  • Uncontrolled Resource Consumption
  • Allocation of Resources Without Limits or Throttling
  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Improper Restriction of XML External Entity Reference
  • Out-of-bounds Write
  • Exposure of Sensitive Information to an Unauthorized Actor
  • Heap-based Buffer Overflow
  • Stack-based Buffer Overflow
  • Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • External Control of File Name or Path
  • Improper Input Validation
  • Incorrect Authorization
  • Incorrect Default Permissions

Omschrijving

Siemens heeft kwetsbaarheden verholpen in diverse producten als RUGGEDCOM, SCALANCE, SIMATIC en Tecnomatix

De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:

  • Denial-of-Service (DoS)
  • Manipulatie van gegevens
  • Omzeilen van een beveiligingsmaatregel
  • Omzeilen van authenticatie
  • (Remote) code execution (root/admin rechten)
  • (Remote) code execution (Gebruikersrechten)
  • Toegang tot systeemgegevens
  • Toegang tot gevoelige gegevens
  • Spoofing

De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen

Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Referenties

CVE's

Producten

Siemens
SIMATIC S7-1500
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Firmware
Simatic S7-1500 Tm Mfp Firmware
RUGGEDCOM APE1808 Firmware
Ruggedcom Ape1808
Scalance W700 Ieee 802.11Ax Firmware
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)
SIMATIC S7-1500 TM MFP - BIOS
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)
RUGGEDCOM APE1808
ruggedcom_ape1808
Energy Services
Tecnomatix Plant Simulation V2404
SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
SCALANCE XC332 (6GK5332-0GA00-2AC2)
SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
SCALANCE XC432 (6GK5432-0GR00-2AC2)
SCALANCE XCH328 (6GK5328-4TS01-2EC2)
SCALANCE XCM324 (6GK5324-8TS01-2AC2)
SCALANCE XCM328 (6GK5328-4TS01-2AC2)
SCALANCE XCM332 (6GK5332-0GA01-2AC2)
SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)

Disclaimer

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.