#####################################################
##  N C S C ~ S E C U R I T Y   A D V I S O R Y  ##
#####################################################

Title           : Vulnerabilities fixed in Siemens products
Advisory ID     : NCSC-2024-0433
Version         : 1.00
Likelihood      : medium
CVE ID          : CVE-2021-3506, CVE-2023-2975, CVE-2023-3341, CVE-2023-3446,
                  CVE-2023-3817, CVE-2023-4236, CVE-2023-4408, CVE-2023-4807,
                  CVE-2023-5363, CVE-2023-5517, CVE-2023-5678, CVE-2023-5679,
                  CVE-2023-5680, CVE-2023-6129, CVE-2023-6237, CVE-2023-6516,
                  CVE-2023-7104, CVE-2023-28450, CVE-2023-30584, CVE-2023-32002,
                  CVE-2023-32003, CVE-2023-32004, CVE-2023-32005, CVE-2023-32006,
                  CVE-2023-32558, CVE-2023-32559, CVE-2023-32736, CVE-2023-38552,
                  CVE-2023-38709, CVE-2023-39331, CVE-2023-39332, CVE-2023-39333,
                  CVE-2023-44487, CVE-2023-45143, CVE-2023-46218, CVE-2023-46219,
                  CVE-2023-46280, CVE-2023-46809, CVE-2023-47038, CVE-2023-47039,
                  CVE-2023-47100, CVE-2023-48795, CVE-2023-49441, CVE-2023-50387,
                  CVE-2023-50868, CVE-2023-52389, CVE-2024-0232, CVE-2024-0727,
                  CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466,
                  CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535,
                  CVE-2024-5594, CVE-2024-21890, CVE-2024-21891, CVE-2024-21892,
                  CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-22025,
                  CVE-2024-24758, CVE-2024-24795, CVE-2024-24806, CVE-2024-26306,
                  CVE-2024-26925, CVE-2024-27316, CVE-2024-27980, CVE-2024-27982,
                  CVE-2024-27983, CVE-2024-28882, CVE-2024-29119, CVE-2024-36140,
                  CVE-2024-44102, CVE-2024-46888, CVE-2024-46889, CVE-2024-46890,
                  CVE-2024-46891, CVE-2024-46892, CVE-2024-46894, CVE-2024-47783,
                  CVE-2024-47808, CVE-2024-47940, CVE-2024-47941, CVE-2024-47942,
                  CVE-2024-50310, CVE-2024-50313, CVE-2024-50557, CVE-2024-50558,
                  CVE-2024-50559, CVE-2024-50560, CVE-2024-50561, CVE-2024-50572
                  (Details about the vulnerabilities can be found on the
                  Mitre website: https://cve.mitre.org/cve/)

Damage          : high
                  Out-of-bounds Read
                  Misinterpretation of Input
                  Inefficient Regular Expression Complexity
                  CWE-275
                  Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
                  Improper Privilege Management
                  Improperly Controlled Sequential Memory Allocation
                  Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
                  Insufficient Session Expiration
                  Integer Overflow or Wraparound
                  Missing Release of Memory after Effective Lifetime
                  Truncation of Security-relevant Information
                  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
                  Expected Behavior Violation
                  Missing Release of Resource after Effective Lifetime
                  Stack-based Buffer Overflow
                  Improper Validation of Certificate with Host Mismatch
                  Improper Locking
                  Cleartext Transmission of Sensitive Information
                  Incorrect Permission Assignment for Critical Resource
                  Exposure of Sensitive Information to an Unauthorized Actor
                  Privilege Dropping / Lowering Errors
                  Excessive Iteration
                  Improper Access Control
                  NULL Pointer Dereference
                  Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
                  Exposure of Sensitive Information Due to Incompatible Policies
                  Improper Resource Shutdown or Release
                  Use After Free
                  Improper Control of Generation of Code ('Code Injection')
                  Incorrect Provision of Specified Functionality
                  Improper Validation of Specified Quantity in Input
                  Deserialization of Untrusted Data
                  Insufficient Technical Documentation
                  Improper Certificate Validation
                  Missing Encryption of Sensitive Data
                  Use of Hard-coded Cryptographic Key
                  Unchecked Input for Loop Condition
                  Interpretation Conflict
                  Use of a Cryptographic Primitive with a Risky Implementation
                  Incorrect Authorization
                  Observable Timing Discrepancy
                  Incorrect Privilege Assignment
                  CWE-310
                  Improper Check for Unusual or Exceptional Conditions
                  Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
                  Improper Input Validation
                  Allocation of Resources Without Limits or Throttling
                  Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
                  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
                  Improper Validation of Integrity Check Value
                  Server-Side Request Forgery (SSRF)
                  Improper Restriction of Operations within the Bounds of a Memory Buffer
                  Use of Weak Hash
                  Memory Allocation with Excessive Size Value
                  Insertion of Sensitive Information Into Sent Data
                  Out-of-bounds Write
                  Permissive Cross-domain Policy with Untrusted Domains
                  Heap-based Buffer Overflow
                  Improper Authentication
                  Missing Cryptographic Step
                  Use of a Broken or Risky Cryptographic Algorithm
                  Uncontrolled Search Path Element
                  Observable Discrepancy
                  Uncontrolled Resource Consumption
                  Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
                  Reachable Assertion
                  Policy Privileges are not Assigned Consistently Between Control and Data Agents

Date of issue   : 20241112
Application     : siemens mendix_runtime_v10
                  siemens mendix_runtime_v10.12
                  siemens mendix_runtime_v10.6
                  siemens mendix_runtime_v8
                  siemens mendix_runtime_v9
                  siemens ozw672
                  siemens ozw772
                  siemens pp_telecontrol_server_basic_1000_to_5000_v3.1
                  siemens pp_telecontrol_server_basic_256_to_1000_v3.1
                  siemens pp_telecontrol_server_basic_32_to_64_v3.1
                  siemens pp_telecontrol_server_basic_64_to_256_v3.1
                  siemens pp_telecontrol_server_basic_8_to_32_v3.1
                  siemens ruggedcom_ape1808
                  siemens ruggedcom_rm1224_lte_4g__eu
                  siemens ruggedcom_rm1224_lte_4g__nam
                  siemens s7-pct
                  siemens s7_port_configuration_tool
                  siemens scalance_m804pb
                  siemens scalance_m812-1_adsl-router
                  siemens scalance_m816-1_adsl-router
                  siemens scalance_m826-2_shdsl-router
                  siemens scalance_m874-2
                  siemens scalance_m874-3
                  siemens scalance_m874-3_3g-router__cn_
                  siemens scalance_m876-3
                  siemens scalance_m876-3__rok_
                  siemens scalance_m876-4
                  siemens scalance_m876-4__eu_
                  siemens scalance_m876-4__nam_
                  siemens scalance_mum853-1__a1_
                  siemens scalance_mum853-1__b1_
                  siemens scalance_mum853-1__eu_
                  siemens scalance_mum856-1__a1_
                  siemens scalance_mum856-1__b1_
                  siemens scalance_mum856-1__cn_
                  siemens scalance_mum856-1__eu_
                  siemens scalance_mum856-1__row_
                  siemens scalance_s615_eec_lan-router
                  siemens scalance_s615_lan-router
                  siemens scalance_xch328__6gk5328-4ts01-2ec2_
                  siemens scalance_xcm324__6gk5324-8ts01-2ac2_
                  siemens scalance_xcm328__6gk5328-4ts01-2ac2_
                  siemens scalance_xcm332__6gk5332-0ga01-2ac2_
                  siemens scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_
                  siemens scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_
                  siemens scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_
                  siemens scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_
                  siemens scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_
                  siemens scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_
                  siemens scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_
                  siemens security_configuration_tool
                  siemens security_configuration_tool__sct_
                  siemens simatic_automation_tool
                  siemens simatic_batch_v9.1
                  siemens simatic_cp_1543-1_v4.0
                  siemens simatic_mv500_family
                  siemens simatic_net_pc-software
                  siemens simatic_net_pc_software
                  siemens simatic_net_pc_software_v16
                  siemens simatic_net_pc_software_v17
                  siemens simatic_net_pc_software_v18
                  siemens simatic_net_pc_software_v19
                  siemens simatic_pcs
                  siemens simatic_pcs_7_v9.1
                  siemens simatic_pdm_v9.2
                  siemens simatic_route_control_
                  siemens simatic_route_control_v9.1
                  siemens simatic_rtls_locating_manager
                  siemens simatic_rtls_locating_manager__6gt2780-0da00_
                  siemens simatic_rtls_locating_manager__6gt2780-0da10_
                  siemens simatic_rtls_locating_manager__6gt2780-0da20_
                  siemens simatic_rtls_locating_manager__6gt2780-0da30_
                  siemens simatic_rtls_locating_manager__6gt2780-1ea10_
                  siemens simatic_rtls_locating_manager__6gt2780-1ea20_
                  siemens simatic_rtls_locating_manager__6gt2780-1ea30_
                  siemens simatic_s7
                  siemens simatic_s7-1500
                  siemens simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
                  siemens simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
                  siemens simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
                  siemens simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
                  siemens simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem
                  siemens simatic_s7-plcsim_v16
                  siemens simatic_s7-plcsim_v17
                  siemens simatic_step_7_safety_v16
                  siemens simatic_step_7_safety_v17
                  siemens simatic_step_7_safety_v18
                  siemens simatic_step_7_v16
                  siemens simatic_step_7_v17
                  siemens simatic_step_7_v18
                  siemens simatic_step_7_v5
                  siemens simatic_wincc
                  siemens simatic_wincc_oa_v3.17
                  siemens simatic_wincc_oa_v3.18
                  siemens simatic_wincc_oa_v3.19
                  siemens simatic_wincc_runtime_advanced
                  siemens simatic_wincc_runtime_professional
                  siemens simatic_wincc_runtime_professional_v16
                  siemens simatic_wincc_runtime_professional_v17
                  siemens simatic_wincc_runtime_professional_v18
                  siemens simatic_wincc_runtime_professional_v19
                  siemens simatic_wincc_unified_pc_runtime
                  siemens simatic_wincc_unified_pc_runtime_v18
                  siemens simatic_wincc_unified_v16
                  siemens simatic_wincc_unified_v17
                  siemens simatic_wincc_unified_v18
                  siemens simatic_wincc_v16
                  siemens simatic_wincc_v17
                  siemens simatic_wincc_v18
                  siemens simatic_wincc_v7.4
                  siemens simatic_wincc_v7.5
                  siemens simatic_wincc_v8.0
                  siemens simocode_es_v16
                  siemens simocode_es_v17
                  siemens simocode_es_v18
                  siemens simotion_scout_tia_v5.4_sp1
                  siemens simotion_scout_tia_v5.4_sp3
                  siemens simotion_scout_tia_v5.5_sp1
                  siemens sinamics_startdrive
                  siemens sinamics_startdrive_v16
                  siemens sinamics_startdrive_v17
                  siemens sinamics_startdrive_v18
                  siemens sinec_ins
                  siemens sinec_network_management_system
                  siemens sinec_nms
                  siemens sinema_remote_connect_client
                  siemens sinumerik_one_virtual
                  siemens sinumerik_plc_programming_tool
                  siemens siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
                  siemens siport
                  siemens sirius_safety_es_v17
                  siemens sirius_safety_es_v18
                  siemens sirius_soft_starter_es_v17
                  siemens sirius_soft_starter_es_v18
                  siemens solid_edge_se2024
                  siemens spectrum_power_7
                  siemens st7_scadaconnect
                  siemens st7_scadaconnect__6nh7997-5da10-0aa0_
                  siemens telecontrol_server_basic
                  siemens telecontrol_server_basic_1000_v3.1
                  siemens telecontrol_server_basic_256_v3.1
                  siemens telecontrol_server_basic_32_v3.1
                  siemens telecontrol_server_basic_5000_v3.1
                  siemens telecontrol_server_basic_64_v3.1
                  siemens telecontrol_server_basic_8_v3.1
                  siemens telecontrol_server_basic_serv_upgr
                  siemens telecontrol_server_basic_upgr_v3.1
                  siemens telecontrol_server_basic_v3
                  siemens tia_portal_cloud_connector
                  siemens tia_portal_cloud_v16
                  siemens tia_portal_cloud_v17
                  siemens tia_portal_cloud_v18
                  siemens totally_integrated_automation_portal
                  siemens totally_integrated_automation_portal__tia_portal__v15.1
                  siemens totally_integrated_automation_portal__tia_portal__v16
                  siemens totally_integrated_automation_portal__tia_portal__v17
                  siemens totally_integrated_automation_portal__tia_portal__v18
                  siemens totally_integrated_automation_portal__tia_portal__v19
                  siemens wincc
                  siemens wincc_tia_portal

Version(s)      :
Platform(s)     : siemens cpu_1518f-4_pn\/dp_mfp_firmware
                  siemens cpu_1518f-4_pn__dp_mfp_firmware
                  siemens ruggedcom_ape1808
                  siemens ruggedcom_ape1808_firmware
                  siemens security_configuration_tool
                  siemens siemens_simatic_s7-1500_tm_mfp
                  siemens siemens_simatic_s7_-1500_tm_mfp
                  siemens siemens_telecontrol_server_basic
                  siemens simatic_mv500_firmware
                  siemens simatic_net_pc_software
                  siemens simatic_pcs_7
                  siemens simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware
                  siemens simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware
                  siemens simatic_s7-1500_tm_mfp_firmware
                  siemens simatic_step_7
                  siemens simatic_wincc
                  siemens simatic_wincc_oa
                  siemens simatic_wincc_runtime_advanced
                  siemens simatic_wincc_runtime_professional

Description
   Siemens has fixed vulnerabilities in various products such as
   Mendix, RUGGEDCOM, SCALANCE, SIMATIC and SINEC.

   The vulnerabilities may enable a malicious actor to carry out
   attacks that can lead to the following categories of damage:

   - Denial-of-Service (DoS)
   - Cross-Site-Scripting (XSS)
   - Manipulation of data
   - Bypassing a security measure
   - Bypassing authentication
   - (Remote) code execution (Administrator/Root privileges)
   - (Remote) code execution (User privileges)
   - Access to system data
   - Elevated user privileges

   To do so, the malicious actor needs access to the production
   environment. It is good practice not to have such an environment
   publicly accessible.

Possible solutions
   Siemens has released security updates to fix the vulnerabilities.
   For the vulnerabilities for which no updates are available yet,
   Siemens has published mitigating measures to limit the risks as
   much as possible. See the attached references for more information.

   References:
      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-000297.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-064257.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-230445.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-331112.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-351178.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-354112.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-454789.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-616032.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-654798.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-871035.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-914892.pdf

      Reference - ncscclear
      https://cert-portal.siemens.com/productcert/pdf/ssa-915275.pdf

Disclaimer
   By using this security advisory you agree to the following terms.
   Although the NCSC has taken the greatest possible care in compiling
   this security advisory, the NCSC cannot guarantee the completeness,
   accuracy or (continued) currency of this security advisory. The
   information in this security advisory is intended solely as general
   information for professional parties. No rights can be derived from
   the information in this security advisory. The NCSC and the State
   are not liable for any damage resulting from the use or the
   inability to use this security advisory, including damage resulting
   from the inaccuracy or incompleteness of the information in this
   security advisory. This security advisory is governed by Dutch law.
   All disputes relating to and/or arising from this security advisory
   will be submitted to the exclusively competent court in The Hague.
   This choice of law also applies to the judge in interim relief
   proceedings.