Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-22043 CVSS:3.3

Siemens Parasolid is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability. By parsing specially crafted XT files, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-22042 CVSS:7.8

Siemens Unicam FX could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect use of privileged APIs. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-49125 CVSS:7.8

Siemens Parasolid could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By parsing a specially crafted files containing XT format, an attacker could exploit this vulnerability to execute code in the context of the current process.

CVE-2023-51440 CVSS:7.5

Siemens CP343-1 Devices are vulnerable to a denial of service, caused by improper validation of TCP sequence numbers. By injecting spoofed TCP RST packets, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-48364 CVSS:6.5

Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.

CVE-2023-48363 CVSS:6.5

Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.

CVE-2023-50236 CVSS:7.8

Siemens Polarion ALM could allow a local authenticated attacker to gain elevated privileges on the system, caused by a weak file and folder permissions in the installation path. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to NT AUTHORITY\SYSTEM.

Impact

• Denial of Service
• Code Execution
• Privilege Escalation

Indicators Of Compromise

CVE

• CVE-2024-22043
• CVE-2024-22042
• CVE-2023-49125
• CVE-2023-51440
• CVE-2023-48364
• CVE-2023-48363
• CVE-2023-50236

Affected Vendors

Siemens

Affected Products

• Siemens Parasolid 35.0
• Siemens Parasolid 35.1
• Siemens Parasolid 36.0
• Siemens Polarion ALM
• Siemens Unicam FX
• Siemens SIMATIC CP 343-1
• Siemens SIMATIC CP 343-1 Lean
• Siemens SIPLUS NET CP 343-1
• Siemens SIPLUS NET CP 343-1 Lean
• Siemens SIMATIC WinCC 7.4
• Siemens SIMATIC WinCC 7.5
• Siemens SIMATIC PCS 7 9.1
• Siemens OpenPCS 7 9.1
• Siemens SIMATIC BATCH 9.1
• Siemens SIMATIC Route Control 9.1
• Siemens SIMATIC WinCC Runtime Professional 18
• Siemens SIMATIC WinCC Runtime Professional 19
• Siemens SIMATIC WinCC 8.0

Remediation

Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-22043

CVE-2024-22042

CVE-2023-49125

CVE-2023-51440

CVE-2023-48364

CVE-2023-48363

CVE-2023-50236