Rewterz Threat Advisory – ICS: Mitsubishi Electric GC-ENET-COM Vulnerability
April 14, 2023
Rewterz Threat Advisory – CVE-2023-29084 – Zoho ManageEngine ADManager Plus Vulnerability
April 14, 2023
Severity
High
Analysis Summary
CVE-2022-43716 CVSS:7.5
Siemens products are vulnerable to a denial of service, caused by an unspecified flaw in the webserver. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-43767 CVSS:7.5
Siemens products are vulnerable to a denial of service, caused by an unspecified flaw in the webserver. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-43768 CVSS:7.5
Siemens products are vulnerable to a denial of service, caused by an unspecified flaw in the webserver. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-26293 CVSS:7.3
Siemens TIA Portal could allow a remote attacker to execute arbitrary code on the system, caused by a path traversal vulnerability. By persuading a victim to open a specially-crafted PC system configuration file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-27464 CVSS:5.3
Siemens Mendix Forgot Password could allow a remote attacker to obtain sensitive information, caused by an observable response discrepancy. By sending multiple requests, an attacker could exploit this vulnerability to enumerate valid usernames, and use this information to launch further attacks against the affected system.
CVE-2023-28489 CVSS:9.8
Siemens SICAM A8000 CP-8050 and CP-8031 devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-28766 CVSS:7.5
Siemens SIPROTEC 5 devices are vulnerable to a denial of service, caused by a null pointer dereference vulnerability in the web service. By sending an unauthenticated maliciously crafted HTTP request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-29053 CVSS:7.8
Siemens JT Open and JT Utilities could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in parsing JT files. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-2905 CVSS:6.7
Siemens SCALANCE X-200IRT is vulnerable to a man-in-the-middle attack, caused by the use of weak ciphers by default. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information.
CVE-2023-23588 CVSS:6.2
Siemens SIMATIC IPCs could allow a local attacker to obtain sensitive information, caused by the use of a non-unique TLS certificate across installations in the Adaptec Maxview application. By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain local traffic information, and use this information to launch further attacks against the affected system.
CVE-2023-1709 CVSS:7.8
Siemens Teamcenter Visualization and JT2Go are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by APDFL.dll. By persuading a victim to open a specially crafted PDF file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
Impact
- Denial of Service
- Code Execution
- Information Disclosure
- Command Execution
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2022-43716
- CVE-2022-43767
- CVE-2022-43768
- CVE-2023-26293
- CVE-2023-27464
- CVE-2023-28489
- CVE-2023-28766
- CVE-2023-29053
- CVE-2023-2905
- CVE-2023-23588
- CVE-2023-1709
Affected Vendors
Siemens
Affected Products
- Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)
- Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)
- Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)
- Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)
- Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0)
- Siemens SIMATIC CP 443-1
- Siemens SIMATIC CP 443-1 Advanced
- Siemens SIMATIC IPC DiagMonitor
- Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)
- Siemens TIA Portal 15
- Siemens TIA Portal 16
- Siemens TIA Portal 18
- Siemens Mendix Forgot Password 3.7.0 Mendix 7 compatible
- Siemens Mendix Forgot Password 4.1.0 Mendix 8 compatible
- Siemens Mendix Forgot Password 5.1.0 Mendix 9 compatible
- Siemens SICAM A8000 CP-8031
- Siemens SIPROTEC 5 6MD89 (CP300)
- Siemens SIPROTEC 5 7KE85 (CP200)
- Siemens SIPROTEC 5 7KE85 (CP300)
- Siemens SIPROTEC 5 7SA82 (CP100)
- Siemens SIPROTEC 5 7SA82 (CP150)
- Siemens SIPROTEC 5 7SA84 (CP200)
- Siemens SIPROTEC 5 7SA86 (CP200)
- Siemens SIPROTEC 5 7SA86 (CP300)
- Siemens SIPROTEC 5 7SA87 (CP200)
- Siemens SIPROTEC 5 7SA87 (CP300)
- Siemens SIPROTEC 5 7SD82 (CP100)
- Siemens SIPROTEC 5 7SD82 (CP150)
- Siemens SIPROTEC 5 7SD84 (CP200)
- Siemens SIPROTEC 5 7SD86 (CP200)
- Siemens JT Utilities
- Siemens JT Open Toolkit
- Siemens SCALANCE X200-4P IRT
- Siemens SCALANCE X201-3P IRT
- Siemens SCALANCE X201-3P IRT PRO
- Siemens SCALANCE X202-2IRT
- Siemens SCALANCE X202-2P IRT
- Siemens SIMATIC IPC647D
- Siemens SCALANCE X202-2P IRT PRO
- Siemens SCALANCE X204IRT
- Siemens SCALANCE XF204-2BA IRT
- Siemens SIPLUS NET SCALANCE X202-2P IRT
- Siemens SIMATIC IPC847D
- Siemens Teamcenter Visualization 14.2
- Siemens SIMATIC IPC847E
- Siemens JT2Go 14.2
- Siemens Teamcenter Visualization 14.0
- Siemens Teamcenter Visualization 13.2
- Siemens Teamcenter Visualization 13.3
- Siemens Teamcenter Visualization 14.1
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.