May 2, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – AveMaria RAT aka WarzoneRAT – Active IOCs
February 19, 2024
Rewterz Threat Advisory – Multiple F5 Products Vulnerabilities
February 19, 2024
Rewterz Threat Alert – AveMaria RAT aka WarzoneRAT – Active IOCs
February 19, 2024
Rewterz Threat Advisory – Multiple F5 Products Vulnerabilities
February 19, 2024
Severity
Medium
Analysis Summary
CVE-2024-22043 CVSS:3.3
Siemens Parasolid is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability. By parsing specially crafted XT files, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-22042 CVSS:7.8
Siemens Unicam FX could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect use of privileged APIs. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-49125 CVSS:7.8
Siemens Parasolid could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By parsing a specially crafted files containing XT format, an attacker could exploit this vulnerability to execute code in the context of the current process.
CVE-2023-51440 CVSS:7.5
Siemens CP343-1 Devices are vulnerable to a denial of service, caused by improper validation of TCP sequence numbers. By injecting spoofed TCP RST packets, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-48364 CVSS:6.5
Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.
CVE-2023-48363 CVSS:6.5
Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.
CVE-2023-50236 CVSS:7.8
Siemens Polarion ALM could allow a local authenticated attacker to gain elevated privileges on the system, caused by a weak file and folder permissions in the installation path. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to NT AUTHORITY\SYSTEM.
Impact
- Denial of Service
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-22043
- CVE-2024-22042
- CVE-2023-49125
- CVE-2023-51440
- CVE-2023-48364
- CVE-2023-48363
- CVE-2023-50236
Affected Vendors
Siemens
Affected Products
- Siemens Parasolid 35.0
- Siemens Parasolid 35.1
- Siemens Parasolid 36.0
- Siemens Polarion ALM
- Siemens Unicam FX
- Siemens SIMATIC CP 343-1
- Siemens SIMATIC CP 343-1 Lean
- Siemens SIPLUS NET CP 343-1
- Siemens SIPLUS NET CP 343-1 Lean
- Siemens SIMATIC WinCC 7.4
- Siemens SIMATIC WinCC 7.5
- Siemens SIMATIC PCS 7 9.1
- Siemens OpenPCS 7 9.1
- Siemens SIMATIC BATCH 9.1
- Siemens SIMATIC Route Control 9.1
- Siemens SIMATIC WinCC Runtime Professional 18
- Siemens SIMATIC WinCC Runtime Professional 19
- Siemens SIMATIC WinCC 8.0
Remediation
Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.