Rewterz Threat Advisory – CVE-2021-26354 – Multiple AMD Chipsets Vulnerability
May 11, 2023Rewterz Threat Advisory – CVE-2023-29338 – Microsoft Visual Studio Code Vulnerability
May 11, 2023Rewterz Threat Advisory – CVE-2021-26354 – Multiple AMD Chipsets Vulnerability
May 11, 2023Rewterz Threat Advisory – CVE-2023-29338 – Microsoft Visual Studio Code Vulnerability
May 11, 2023Severity
Medium
Analysis Summary
CVE-2023-27410 CVSS:4.1
Siemens SCALANCE LPE9403 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the edgebox_web_app binary. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-27409 CVSS:2.5
Siemens SCALANCE LPE9403 could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of the deviceinfo binary. An attacker could use a specially crafted file request containing “dot dot” sequences (/../) in the mac parameter to read arbitrary files on the system.
CVE-2023-27408 CVSS:3.8
Siemens SCALANCE LPE9403 could allow a local authenticated attacker to bypass security restrictions, caused by the creation of temporary file with insecure permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to interfere with the integrity of the mutex and the data it protects.
CVE-2023-27407 CVSS:9.9
Siemens SCALANCE LPE9403 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the web based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands in the underlying operating system as the root user.
CVE-2023-29128 CVSS:3.8
Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of filename in the upload feature. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to write arbitrary files on the system.
CVE-2023-29107 CVSS:5.3
Siemens SIMATIC Cloud Connect could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to download arbitrary files, and use this information to launch further attacks against the affected system.
CVE-2023-29106 CVSS:5.3
Siemens SIMATIC Cloud Connect could allow a remote attacker to obtain sensitive information, caused by improper authentication validation by the REST API. By sending a specially crafted request, an attacker could exploit this vulnerability to download arbitrary files, and use this information to launch further attacks against the affected system.
CVE-2023-29105 CVSS:5.9
Siemens SIMATIC Cloud Connect is vulnerable to a denial of service, caused by improper validating the random (non-JSON) MQTT payload. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-29104 CVSS:6
Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of filename in the upload feature. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite and download arbitrary files on the system.
CVE-2023-29103 CVSS:4.3
Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to obtain sensitive information, caused by the use of a hard-coded password to protect the diagnostic files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain protected data information, and use this information to launch further attacks against the affected system.
CVE-2023-28832 CVSS:7.2
Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to execute arbitrary code on the system, caused by command injection flaw in the web based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Denial of Service
- Information Disclosure
- Command Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-27410
- CVE-2023-27409
- CVE-2023-27408
- CVE-2023-27407
- CVE-2023-29128
- CVE-2023-29107
- CVE-2023-29106
- CVE-2023-29105
- CVE-2023-29104
- CVE-2023-29103
- CVE-2023-28832
Affected Vendors
Siemens
Affected Products
- Siemens SCALANCE LPE9403 2.0
- Siemens SIMATIC Cloud Connect 7 CC712 2.0
- Siemens SIMATIC Cloud Connect 7 CC716 2.0
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.