Vulnerabilities fixed in Siemens products

This page automatically converts the plain text of official advisories to HTML. Information may be lost in the process. The signed PGP versions are authoritative.

Publication: Version 1.00, 12-11-2024, NCSC-2024-0433
Likelihood: medium
Damage: high
Characteristics

  • Out-of-bounds Read
  • Misinterpretation of Input
  • Inefficient Regular Expression Complexity
  • CWE-275
  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Improper Privilege Management
  • Improperly Controlled Sequential Memory Allocation
  • Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
  • Insufficient Session Expiration
  • Integer Overflow or Wraparound
  • Missing Release of Memory after Effective Lifetime
  • Truncation of Security-relevant Information
  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Expected Behavior Violation
  • Missing Release of Resource after Effective Lifetime
  • Stack-based Buffer Overflow
  • Improper Validation of Certificate with Host Mismatch
  • Improper Locking
  • Cleartext Transmission of Sensitive Information
  • Incorrect Permission Assignment for Critical Resource
  • Exposure of Sensitive Information to an Unauthorized Actor
  • Privilege Dropping / Lowering Errors
  • Excessive Iteration
  • Improper Access Control
  • NULL Pointer Dereference
  • Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
  • Exposure of Sensitive Information Due to Incompatible Policies
  • Improper Resource Shutdown or Release
  • Use After Free
  • Improper Control of Generation of Code ('Code Injection')
  • Incorrect Provision of Specified Functionality
  • Improper Validation of Specified Quantity in Input
  • Deserialization of Untrusted Data
  • Insufficient Technical Documentation
  • Improper Certificate Validation
  • Missing Encryption of Sensitive Data
  • Use of Hard-coded Cryptographic Key
  • Unchecked Input for Loop Condition
  • Interpretation Conflict
  • Use of a Cryptographic Primitive with a Risky Implementation
  • Incorrect Authorization
  • Observable Timing Discrepancy
  • Incorrect Privilege Assignment
  • CWE-310
  • Improper Check for Unusual or Exceptional Conditions
  • Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Improper Input Validation
  • Allocation of Resources Without Limits or Throttling
  • Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
  • Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Improper Validation of Integrity Check Value
  • Server-Side Request Forgery (SSRF)
  • Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Use of Weak Hash
  • Memory Allocation with Excessive Size Value
  • Insertion of Sensitive Information Into Sent Data
  • Out-of-bounds Write
  • Permissive Cross-domain Policy with Untrusted Domains
  • Heap-based Buffer Overflow
  • Improper Authentication
  • Missing Cryptographic Step
  • Use of a Broken or Risky Cryptographic Algorithm
  • Uncontrolled Search Path Element
  • Observable Discrepancy
  • Uncontrolled Resource Consumption
  • Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • Reachable Assertion
  • Policy Privileges are not Assigned Consistently Between Control and Data Agents
Description

Siemens has fixed vulnerabilities in various products such as Mendix, RUGGEDCOM, SCALANCE, SIMATIC and SINEC. The vulnerabilities may allow an attacker to carry out attacks that can lead to the following categories of damage:

Denial of Service (DoS)
Cross-Site Scripting (XSS)
Manipulation of data
Bypassing a security measure
Bypassing authentication
(Remote) code execution (Administrator/Root privileges)
(Remote) code execution (User privileges)
Access to system data
Elevated user privileges

To do so, the attacker needs access to the production environment. It is good practice not to make such an environment publicly accessible.

Scope

Platforms Products Versions

cpu_1518f-4_pn\/dp_mfp_firmware
cpu_1518f-4_pn__dp_mfp_firmware
ruggedcom_ape1808
ruggedcom_ape1808_firmware
security_configuration_tool
siemens_simatic_s7-1500_tm_mfp
siemens_simatic_s7_-1500_tm_mfp
siemens_telecontrol_server_basic
simatic_mv500_firmware
simatic_net_pc_software
simatic_pcs_7
simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware
simatic_s7-1500_cpu_1518f-4_pn__dp_mfp_firmware
simatic_s7-1500_tm_mfp_firmware
simatic_step_7
simatic_wincc
simatic_wincc_oa
simatic_wincc_runtime_advanced
simatic_wincc_runtime_professional

siemens mendix_runtime_v10
siemens mendix_runtime_v10.12
siemens mendix_runtime_v10.6
siemens mendix_runtime_v8
siemens mendix_runtime_v9
siemens ozw672
siemens ozw772
siemens pp_telecontrol_server_basic_1000_to_5000_v3.1
siemens pp_telecontrol_server_basic_256_to_1000_v3.1
siemens pp_telecontrol_server_basic_32_to_64_v3.1
siemens pp_telecontrol_server_basic_64_to_256_v3.1
siemens pp_telecontrol_server_basic_8_to_32_v3.1
siemens ruggedcom_ape1808
siemens ruggedcom_rm1224_lte_4g__eu
siemens ruggedcom_rm1224_lte_4g__nam
siemens s7-pct
siemens s7_port_configuration_tool
siemens scalance_m804pb
siemens scalance_m812-1_adsl-router
siemens scalance_m816-1_adsl-router
siemens scalance_m826-2_shdsl-router
siemens scalance_m874-2
siemens scalance_m874-3
siemens scalance_m874-3_3g-router__cn_
siemens scalance_m876-3
siemens scalance_m876-3__rok_
siemens scalance_m876-4
siemens scalance_m876-4__eu_
siemens scalance_m876-4__nam_
siemens scalance_mum853-1__a1_
siemens scalance_mum853-1__b1_
siemens scalance_mum853-1__eu_
siemens scalance_mum856-1__a1_
siemens scalance_mum856-1__b1_
siemens scalance_mum856-1__cn_
siemens scalance_mum856-1__eu_
siemens scalance_mum856-1__row_
siemens scalance_s615_eec_lan-router
siemens scalance_s615_lan-router
siemens scalance_xch328__6gk5328-4ts01-2ec2_
siemens scalance_xcm324__6gk5324-8ts01-2ac2_
siemens scalance_xcm328__6gk5328-4ts01-2ac2_
siemens scalance_xcm332__6gk5332-0ga01-2ac2_
siemens scalance_xrh334__24_v_dc__8xfo__cc___6gk5334-2ts01-2er3_
siemens scalance_xrm334__230_v_ac__12xfo___6gk5334-3ts01-3ar3_
siemens scalance_xrm334__230_v_ac__8xfo___6gk5334-2ts01-3ar3_
siemens scalance_xrm334__24_v_dc__12xfo___6gk5334-3ts01-2ar3_
siemens scalance_xrm334__24_v_dc__8xfo___6gk5334-2ts01-2ar3_
siemens scalance_xrm334__2x230_v_ac__12xfo___6gk5334-3ts01-4ar3_
siemens scalance_xrm334__2x230_v_ac__8xfo___6gk5334-2ts01-4ar3_
siemens security_configuration_tool
siemens security_configuration_tool__sct_
siemens simatic_automation_tool
siemens simatic_batch_v9.1
siemens simatic_cp_1543-1_v4.0
siemens simatic_mv500_family
siemens simatic_net_pc-software
siemens simatic_net_pc_software
siemens simatic_net_pc_software_v16
siemens simatic_net_pc_software_v17
siemens simatic_net_pc_software_v18
siemens simatic_net_pc_software_v19
siemens simatic_pcs
siemens simatic_pcs_7_v9.1
siemens simatic_pdm_v9.2
siemens simatic_route_control_
siemens simatic_route_control_v9.1
siemens simatic_rtls_locating_manager
siemens simatic_rtls_locating_manager__6gt2780-0da00_
siemens simatic_rtls_locating_manager__6gt2780-0da10_
siemens simatic_rtls_locating_manager__6gt2780-0da20_
siemens simatic_rtls_locating_manager__6gt2780-0da30_
siemens simatic_rtls_locating_manager__6gt2780-1ea10_
siemens simatic_rtls_locating_manager__6gt2780-1ea20_
siemens simatic_rtls_locating_manager__6gt2780-1ea30_
siemens simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
siemens simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
siemens simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
siemens simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
siemens simatic_s7-1500_tm_mfp_-_gnu_linux_subsystem
siemens simatic_s7-plcsim_v16
siemens simatic_s7-plcsim_v17
siemens simatic_step_7_safety_v16
siemens simatic_step_7_safety_v17
siemens simatic_step_7_safety_v18
siemens simatic_step_7_v16
siemens simatic_step_7_v17
siemens simatic_step_7_v18
siemens simatic_step_7_v5
siemens simatic_wincc
siemens simatic_wincc_oa_v3.17
siemens simatic_wincc_oa_v3.18
siemens simatic_wincc_oa_v3.19
siemens simatic_wincc_runtime_advanced
siemens simatic_wincc_runtime_professional
siemens simatic_wincc_runtime_professional_v16
siemens simatic_wincc_runtime_professional_v17
siemens simatic_wincc_runtime_professional_v18
siemens simatic_wincc_runtime_professional_v19
siemens simatic_wincc_unified_pc_runtime
siemens simatic_wincc_unified_pc_runtime_v18
siemens simatic_wincc_unified_v16
siemens simatic_wincc_unified_v17
siemens simatic_wincc_unified_v18
siemens simatic_wincc_v16
siemens simatic_wincc_v17
siemens simatic_wincc_v18
siemens simatic_wincc_v7.4
siemens simatic_wincc_v7.5
siemens simatic_wincc_v8.0
siemens simocode_es_v16
siemens simocode_es_v17
siemens simocode_es_v18
siemens simotion_scout_tia_v5.4_sp1
siemens simotion_scout_tia_v5.4_sp3
siemens simotion_scout_tia_v5.5_sp1
siemens sinamics_startdrive
siemens sinamics_startdrive_v16
siemens sinamics_startdrive_v17
siemens sinamics_startdrive_v18
siemens sinec_ins
siemens sinec_network_management_system
siemens sinec_nms
siemens sinema_remote_connect_client
siemens sinumerik_one_virtual
siemens sinumerik_plc_programming_tool
siemens siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
siemens siport
siemens sirius_safety_es_v17
siemens sirius_safety_es_v18
siemens sirius_soft_starter_es_v17
siemens sirius_soft_starter_es_v18
siemens solid_edge_se2024
siemens spectrum_power_7
siemens st7_scadaconnect
siemens st7_scadaconnect__6nh7997-5da10-0aa0_
siemens telecontrol_server_basic
siemens telecontrol_server_basic_1000_v3.1
siemens telecontrol_server_basic_256_v3.1
siemens telecontrol_server_basic_32_v3.1
siemens telecontrol_server_basic_5000_v3.1
siemens telecontrol_server_basic_64_v3.1
siemens telecontrol_server_basic_8_v3.1
siemens telecontrol_server_basic_serv_upgr
siemens telecontrol_server_basic_upgr_v3.1
siemens telecontrol_server_basic_v3
siemens tia_portal_cloud_connector
siemens tia_portal_cloud_v16
siemens tia_portal_cloud_v17
siemens tia_portal_cloud_v18
siemens totally_integrated_automation_portal
siemens totally_integrated_automation_portal__tia_portal__v15.1
siemens totally_integrated_automation_portal__tia_portal__v16
siemens totally_integrated_automation_portal__tia_portal__v17
siemens totally_integrated_automation_portal__tia_portal__v18
siemens totally_integrated_automation_portal__tia_portal__v19
siemens wincc
siemens wincc_tia_portal

  1. - 0 - 0 - all_versions - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 3.0.1.1 - 0 - 8.0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 2.0 - 0 - 2.0 - 3.0 - 0 - 0 - 1.1 - 3.1.2 - 0 - 15.1 - 16 - 17 - 18 - 19 - 0 - 0 - 0 - 0 - 0 - 11.0
Solutions

Siemens has released security updates to fix the vulnerabilities. For the vulnerabilities for which no updates are available yet, Siemens has published mitigating measures to limit the risks as much as possible. See the attached references for more information.

CVEs

CVE-2021-3506, CVE-2023-2975, CVE-2023-3341, CVE-2023-3446, CVE-2023-3817, CVE-2023-4236, CVE-2023-4408, CVE-2023-4807, CVE-2023-5363, CVE-2023-5517, CVE-2023-5678, CVE-2023-5679, CVE-2023-5680, CVE-2023-6129, CVE-2023-6237, CVE-2023-6516, CVE-2023-7104, CVE-2023-28450, CVE-2023-30584, CVE-2023-32002, CVE-2023-32003, CVE-2023-32004, CVE-2023-32005, CVE-2023-32006, CVE-2023-32558, CVE-2023-32559, CVE-2023-32736, CVE-2023-38552, CVE-2023-38709, CVE-2023-39331, CVE-2023-39332, CVE-2023-39333, CVE-2023-44487, CVE-2023-45143, CVE-2023-46218, CVE-2023-46219, CVE-2023-46280, CVE-2023-46809, CVE-2023-47038, CVE-2023-47039, CVE-2023-47100, CVE-2023-48795, CVE-2023-49441, CVE-2023-50387, CVE-2023-50868, CVE-2023-52389, CVE-2024-0232, CVE-2024-0727, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-5594, CVE-2024-21890, CVE-2024-21891, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-22025, CVE-2024-24758, CVE-2024-24795, CVE-2024-24806, CVE-2024-26306, CVE-2024-26925, CVE-2024-27316, CVE-2024-27980, CVE-2024-27982, CVE-2024-27983, CVE-2024-28882, CVE-2024-29119, CVE-2024-36140, CVE-2024-44102, CVE-2024-46888, CVE-2024-46889, CVE-2024-46890, CVE-2024-46891, CVE-2024-46892, CVE-2024-46894, CVE-2024-47783, CVE-2024-47808, CVE-2024-47940, CVE-2024-47941, CVE-2024-47942, CVE-2024-50310, CVE-2024-50313, CVE-2024-50557, CVE-2024-50558, CVE-2024-50559, CVE-2024-50560, CVE-2024-50561, CVE-2024-50572


Disclaimer

By using this security advisory you agree to the following terms. Although the NCSC has taken the greatest possible care in compiling this security advisory, the NCSC cannot guarantee the completeness, accuracy or (continued) currency of this security advisory. The information in this security advisory is intended solely as general information for professional parties. No rights can be derived from the information in this security advisory.
The NCSC and the State are not liable for any damage resulting from the use of, or the inability to use, this security advisory, including damage resulting from the inaccuracy or incompleteness of the information in this security advisory.
This security advisory is governed by Dutch law. All disputes relating to and/or arising from this security advisory will be submitted to the exclusively competent court in The Hague. This choice of law also applies to the court in preliminary relief proceedings.