Rewterz Threat Alert – Phobos Ransomware – Active IOCs
January 13, 2023Rewterz Threat Advisory – ICS: Siemens S7-1500 CPU devices Vulnerability
January 13, 2023Rewterz Threat Alert – Phobos Ransomware – Active IOCs
January 13, 2023Rewterz Threat Advisory – ICS: Siemens S7-1500 CPU devices Vulnerability
January 13, 2023Severity
High
Analysis Summary
CVE-2022-45094 CVSS:8.4
Siemens SINEC INS could allow a remote authenticated attacker within the local network to execute arbitrary code on the system, caused by a command injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-45093 CVSS:8.5
Siemens SINEC INS could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read and write arbitrary files on the system.
CVE-2022-45092 CVSS:9.9
Siemens SINEC INS could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read and write arbitrary files on the system.
Impact
- Code Execution
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-45094
- CVE-2022-45093
- CVE-2022-45092
Affected Vendors
Siemens
Affected Products
- Siemens SINEC INS 1.0
- Siemens SINEC INS 1.0 SP2
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.