Rewterz Threat Advisory – ICS: Siemens JT2Go and Teamcenter Visualization Vulnerabilities
December 19, 2022
Severity
Medium
Analysis Summary
CVE-2022-25032 CVSS:7.5
Siemens SCALANCE SC-600 is vulnerable to a denial of service, caused by an out-of-bounds write when deflating if the input has multiple distant matches. A remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-46355 CVSS:6.5
Siemens SCALANCE X-200RNA switches could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain sensitive information from the HTTP Referer and use this information to launch further attacks against the affected system.
CVE-2022-46350 CVSS:7.9
Siemens SCALANCE X-200RNA switches are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the integrated web server. A remote attacker within the local network could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-46351 CVSS:6.5
Siemens SCALANCE X-200RNA switches are vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending specially-crafted PROFINET DCP packets, a remote attacker within the local network could exploit this vulnerability to cause a denial of service on a local Ethernet segment (Layer 2).
CVE-2022-46352 CVSS:7.5
Siemens SCALANCE X-200RNA switches are vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending specially-crafted PROFINET DCP packets, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-46354 CVSS:2.6
Siemens SCALANCE X-200RNA switches could allow a remote attacker within the local network to obtain sensitive information, caused by improper access control. An attacker could exploit this vulnerability to obtain session information and use this information to launch further attacks against the affected system.
CVE-2022-46353 CVSS:8.8
Siemens SCALANCE X-200RNA switches could allow a remote attacker to hijack a user’s session, caused by use of insufficiently-random values in the webserver. An attacker could exploit this vulnerability to brute-force session ids and hijack existing sessions.
CVE-2022-46144 CVSS:6.5
Multiple Siemens SCALANCE products are vulnerable to a denial of service, caused by improper processing of CLI commands after a user forcefully quits the secure shell (SSH) connection. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to make the CLI over SSH or the serial interface unresponsive, resulting in a denial of service condition.
CVE-2022-46140 CVSS:6.5
Multiple Siemens SCALANCE products could allow a remote authenticated attacker to obtain sensitive information, caused by the use of a weak encryption scheme to encrypt the debug zip file. By using cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the debug information about the system, and use this information to launch further attacks against the affected system.
CVE-2022-46143 CVSS:2.7
Multiple Siemens SCALANCE products could allow a remote authenticated attacker to obtain sensitive information, caused by not validating the TFTP blocksize correctly. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the previously allocated data from an uninitialized buffer, and use this information to launch further attacks against the affected system.
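The class of check that CVE-2022-46143 describes as missing, shown as an added example (not Siemens code and not part of the original advisory): a TFTP server parsing the `blksize` option of a request and accepting it only inside the RFC 2348 range of 8 to 65464 octets before any transfer buffer is sized from it. The function names and the sample request are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { BLK_MIN = 8, BLK_MAX = 65464, BLK_DEFAULT = 512 };  /* RFC 2348 */

/* Step past one NUL-terminated field; NULL if it is not terminated. */
static const char *next_field(const char *p, const char *end, size_t *len) {
    const char *nul = memchr(p, 0, (size_t)(end - p));
    if (nul) *len = (size_t)(nul - p);
    return nul ? nul + 1 : NULL;
}

/* Case-insensitive match of a 7-byte option name against "blksize". */
static int is_blksize(const char *s) {
    for (int i = 0; i < 7; i++) if ((s[i] | 0x20) != "blksize"[i]) return 0;
    return 1;
}

/* Strict decimal parse; BLK_DEFAULT if malformed or outside 8..65464. */
static unsigned parse_blksize(const char *v, size_t len) {
    unsigned long n = 0;
    if (len == 0 || len > 5) return BLK_DEFAULT;   /* longest valid: "65464" */
    for (size_t i = 0; i < len; i++) {
        if (v[i] < '0' || v[i] > '9') return BLK_DEFAULT;
        n = n * 10 + (unsigned long)(v[i] - '0');
    }
    return (n >= BLK_MIN && n <= BLK_MAX) ? (unsigned)n : BLK_DEFAULT;
}

/* Block size for an RRQ/WRQ; 0 means the packet itself is malformed.
 * Hypothetical helper for illustration, not an API of any product. */
unsigned negotiate_blksize(const unsigned char *req, size_t n) {
    const char *p, *name, *val, *end = (const char *)req + n;
    size_t nlen, vlen;
    if (n < 4) return 0;
    p = (const char *)req + 2;                      /* skip 2-byte opcode */
    if (!(p = next_field(p, end, &nlen))) return 0; /* filename */
    if (!(p = next_field(p, end, &nlen))) return 0; /* mode */
    while (p < end) {                               /* option/value pairs */
        name = p; if (!(p = next_field(p, end, &nlen))) return 0;
        val = p;  if (!(p = next_field(p, end, &vlen))) return 0;
        if (nlen == 7 && is_blksize(name)) return parse_blksize(val, vlen);
    }
    return BLK_DEFAULT;
}

int main(void) {   /* constructed RRQ asking for an out-of-range block size */
    static const unsigned char rrq[] = "\0\1cfg.bin\0octet\0blksize\0" "70000";
    printf("negotiated blksize: %u\n", negotiate_blksize(rrq, sizeof rrq));
    return 0;
}
```

A server that sizes its send buffer from the negotiated value should also transmit only the bytes it actually read into that buffer, so a short read never exposes earlier buffer contents.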
CVE-2022-46142 CVSS:5.7
Multiple Siemens SCALANCE products could allow a physical attacker to obtain sensitive information, caused by the storage of CLI user passwords encrypted in flash memory. By using cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the CLI user passwords, and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-25032
- CVE-2022-46355
- CVE-2022-46350
- CVE-2022-46351
- CVE-2022-46352
- CVE-2022-46354
- CVE-2022-46353
- CVE-2022-46144
- CVE-2022-46140
- CVE-2022-46143
- CVE-2022-46142
Affected Vendors
Siemens
Affected Products
- Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2)
- Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2)
- Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2)
- Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2)
- Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2)
- Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
- Siemens SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
- Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
- Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
- Siemens SCALANCE SC622-2C 2.3
- Siemens SCALANCE SC632-2C 2.3
- Siemens SCALANCE SC636-2C 2.3
- Siemens SCALANCE SC642-2C 2.3
- Siemens SCALANCE SC646-2C 2.3
- Siemens SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) 3.2.6
- Siemens SCALANCE X204RNA (PRP) (6GK5204-0BA00-2KB2) 3.2.6
- Siemens SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) 3.2.6
- Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
- Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
- Siemens SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) 3.2.6
- Siemens SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) 3.2.6
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.