December 15, 2023
Severity
Medium
Analysis Summary
CVE-2023-46283 CVSS: 7.5
Siemens User Management Component is vulnerable to a denial of service, caused by an out of bounds write. By sending a specially crafted request over port 4002/tcp, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-48428 CVSS: 7.2
Siemens SINEC INS could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the RADIUS configuration mechanism. An attacker could exploit this vulnerability to execute arbitrary commands on the system or cause a denial of service.
CVE-2023-46285 CVSS: 7.5
Siemens User Management Component is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request over port 4004/tcp, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-48429 CVSS: 2.7
Siemens SINEC INS is vulnerable to a denial of service, caused by unexpected status code or return values in the Web UI. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the server to crash or restart.
CVE-2023-46284 CVSS: 7.5
Siemens User Management Component is vulnerable to a denial of service, caused by an out of bounds write. By sending a specially crafted request over ports 4002/tcp and 4004/tcp, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-47374 CVSS: 7.5
Siemens products are vulnerable to a denial of service, caused by uncontrolled recursion when handling HTTP(S) requests to the web server. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-47375 CVSS: 7.5
Siemens products are vulnerable to a denial of service, caused by a buffer overflow when handling long file names. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-48427 CVSS: 8.1
Siemens SINEC INS could allow a remote attacker to gain elevated privileges on the system, caused by improper certificate validation in the configured UMC server. By intercepting credentials that were sent to the UMC server and manipulating responses, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2023-48431 CVSS: 6.8
Siemens SINEC INS is vulnerable to a denial of service, caused by improper checking for unusual or exceptional conditions when receiving responses from a UMC server. By using a specially crafted UMC server or manipulating traffic from a UMC server, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-46281 CVSS: 7.1
Siemens User Management Component could allow a remote attacker to bypass security restrictions, caused by the use of an overly permissive CORS policy in the UMC Web-UI. By persuading a victim to open a specially crafted link, an attacker could exploit this vulnerability to trigger unwanted behavior.
CVE-2022-46141 CVSS: 4.2
Siemens SIMATIC STEP 7 (TIA Portal) could allow a remote authenticated attacker to obtain sensitive information, caused by cleartext storage of sensitive information in memory. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain the access level password and use this information to launch further attacks against the affected system.
CVE-2022-42784 CVSS: 7.6
Siemens products could allow a physical attacker to bypass security restrictions, caused by improper protection against electromagnetic fault injection. An attacker could exploit this vulnerability to manipulate memory and inject public keys of custom-created key pairs.
CVE-2023-48430 CVSS: 2.7
Siemens SINEC INS is vulnerable to a denial of service, caused by missing error condition reports in the REST API. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-46282 CVSS: 7.1
Siemens User Management Component is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
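The three User Management Component denial-of-service issues above are reached over 4002/tcp and 4004/tcp, so a quick exposure check is to look for accepted connections to those ports from outside the management network. The following is an added example, not part of the original alert or any Siemens tooling; the log layout, the sample lines, the trusted range and the function name are assumptions made for illustration.

```python
import ipaddress
import re

# Port-to-CVE mapping taken from the advisory text above.
UMC_PORT_CVES = {
    4002: ["CVE-2023-46283", "CVE-2023-46284"],
    4004: ["CVE-2023-46284", "CVE-2023-46285"],
}

# Assumed (hypothetical) firewall log layout:
#   <timestamp> <ACCEPT|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data, not real traffic (documentation address ranges).
SAMPLE_LOG = """\
2023-12-15T10:00:01Z ACCEPT TCP 10.20.0.5:51514 -> 10.20.1.10:4002
2023-12-15T10:00:07Z ACCEPT TCP 192.0.2.44:40112 -> 10.20.1.10:4002
2023-12-15T10:00:09Z DROP TCP 198.51.100.7:40200 -> 10.20.1.10:4004
2023-12-15T10:00:12Z ACCEPT TCP 192.0.2.44:40113 -> 10.20.1.10:4004
2023-12-15T10:00:15Z ACCEPT TCP 192.0.2.44:40114 -> 10.20.1.10:443
2023-12-15T10:00:16Z ACCEPT UDP 192.0.2.44:40115 -> 10.20.1.10:4002
malformed line
"""

def find_umc_exposure(log_text, trusted_cidrs):
    """Return accepted TCP flows to UMC ports from sources outside trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT" or m["proto"] != "TCP":
            continue  # skip unparsable, blocked, or non-TCP entries
        dport = int(m["dport"])
        if dport not in UMC_PORT_CVES:
            continue  # not one of the ports named in the advisory
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # looked like an address but is not a valid one
        if any(src in net for net in trusted):
            continue  # expected management traffic
        findings.append({"time": m["ts"], "src": str(src), "dst": m["dst"],
                         "port": dport, "cves": UMC_PORT_CVES[dport]})
    return findings

if __name__ == "__main__":
    for f in find_umc_exposure(SAMPLE_LOG, ["10.20.0.0/16"]):
        print(f"{f['time']} {f['src']} -> {f['dst']}:{f['port']} ({', '.join(f['cves'])})")
```

Each finding names the CVEs reachable over the port in question, which helps prioritise which UMC hosts to patch or isolate first.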
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
- Security Bypass
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-46283
- CVE-2023-48428
- CVE-2023-46285
- CVE-2023-48429
- CVE-2023-46284
- CVE-2022-47374
- CVE-2022-47375
- CVE-2023-48427
- CVE-2023-48431
- CVE-2023-46281
- CVE-2022-46141
- CVE-2022-42784
- CVE-2023-48430
- CVE-2023-46282
Affected Vendors
Siemens
Affected Products
- Siemens TIA Portal 17
- Siemens SINEC INS 1.0
- Siemens SINEC INS 1.0 SP2
- Siemens TIA Portal 16
- Siemens TIA Portal 18
- Siemens SIMATIC PCS neo 4.0
- Siemens TIA Portal 14
- Siemens Opcenter Quality
- Siemens SINUMERIK Integrate Operate Client
- Siemens TIA Portal 15.1
- Siemens SINAMICS S120
- Siemens SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0)
- Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)
- Siemens SIMATIC STEP 7 (TIA Portal) V10
- Siemens SIMATIC STEP 7 (TIA Portal) V15
- Siemens LOGO! 12/24RCE (6ED1052-1MD08-0BA1) 8.3
- Siemens SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) 8.3
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.