Rewterz Threat Advisory – Multiple Adobe Vulnerabilities
September 16, 2021
Rewterz Threat Advisory – Multiple Linux Kernel Security Vulnerabilities
September 16, 2021
Severity
High
Analysis Summary
CVE-2021-25665
Siemens Simcenter STAR-CCM+ Viewer could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By persuading a victim to open a specially crafted scene (.sce) file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-33716
Siemens SIMATIC CP products could allow a remote attacker to obtain sensitive information, caused by storing sensitive information in cleartext. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-37176
Siemens Simcenter Femap could allow a remote attacker to obtain sensitive information, caused by the lack of proper validation of user-supplied data in the Modfem File Parsing in femap.exe. By sending a specially crafted request, a remote attacker could exploit this vulnerability to leak information in the context of the current process.
CVE-2021-33737
Siemens SIMATIC CP products are vulnerable to a denial of service, caused by buffer overflow. By sending a specially crafted packet to TCP port 102, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-31891
Siemens Siveillance OIS could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of elements in the HTTP requests. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-37181
Siemens Desigo CC Family could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-37206
Siemens SIPROTEC 5 is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the device to restart.
CVE-2021-37200
Siemens SINEC NMS could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to download arbitrary files on the system.
CVE-2021-40354
Siemens Teamcenter could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control in surrogate functionality. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform an account takeover.
CVE-2021-40355
Siemens Teamcenter could allow a remote attacker to obtain sensitive information, caused by an insecure direct object reference (IDOR) vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to use user-supplied input to access objects directly.
CVE-2021-37201
Siemens SINEC NMS is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to manipulate the SINEC NMS configuration. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2021-40356
Siemens Teamcenter could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML code, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-27391
Siemens APOGEE and TALON automation devices are vulnerable to a buffer overflow, caused by improper bounds checking when parsing the Host parameter in HTTP requests. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVE-2021-33720
Siemens SIPROTEC 5 relays are vulnerable to a denial of service, caused by a buffer overflow. By sending specially-crafted packets to Port 4443/TCP, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-33719
Siemens SIPROTEC 5 relays are vulnerable to a buffer overflow, caused by improper bounds checking. By sending specially-crafted packets to Port 4443/TCP, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
Impact
- Denial of Service
- Information Disclosure
- Exposure of Sensitive Data
- Code Execution
- Security Bypass
- Buffer Overflow
Affected Vendors
- Siemens
Affected Products
- Siemens Simcenter STAR-CCM+ Viewer 2021.2.0
- Siemens Simcenter Femap 2021.1
- Siemens Simcenter Femap 2020.1
- SIMATIC CP 343-1
- SIMATIC CP 343-1 Advanced
- SIMATIC CP 343-1 ERPC
- SIMATIC CP 343-1 Lean
- SIMATIC CP 443-1
- Siemens Desigo CC
- Siemens GMA-Manager
- Siemens Operation Scheduler
- Siemens Siveillance Control
- Siemens Siveillance Control Pro
- Siemens Cerberus DMS 4.0
- Siemens Cerberus DMS 4.1
- Siemens Cerberus DMS 4.2
- Siemens Cerberus DMS 5.0
- Siemens Desigo CC Compact 5.0
- Siemens Desigo CC Compact 4.0
- Siemens Desigo CC Compact 4.1
- Siemens Desigo CC Compact 4.2
- Siemens Desigo CC 4.2
- Siemens Desigo CC 4.1
- Siemens Desigo CC 4.0
- Siemens Desigo CC 5.0
- Siemens SIPROTEC 5 relays with CPU variants CP050 8.70
- Siemens SIPROTEC 5 relays with CPU variants CP100 8.70
- Siemens SIPROTEC 5 relays with CPU variants CP300 8.70
- Siemens SIPROTEC 5 relays with CPU variants CP200 8.70
- Siemens SINEC NMS 1.0
- Siemens Teamcenter 12.4.0.7
- Siemens Teamcenter 13.0.0.6
- Siemens Teamcenter 13.1.0.4
- Siemens Teamcenter 13.2.0.1
- Siemens APOGEE MBC 2.6.2
- Siemens APOGEE PXC Modular 3.5.2
- Siemens APOGEE PXC Modular 2.7
- Siemens TALON TC Compact 3.5.2
- Siemens SIPROTEC 5 relays with CPU variants CP200
Remediation
Refer to the Siemens advisories below for patch, upgrade, or suggested workaround information.
CVE-2021-25665
https://cert-portal.siemens.com/productcert/txt/ssa-109294.txt
CVE-2021-33716
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf
CVE-2021-37176
https://cert-portal.siemens.com/productcert/txt/ssa-997732.txt
CVE-2021-33737
https://cert-portal.siemens.com/productcert/txt/ssa-549234.txt
CVE-2021-31891
https://cert-portal.siemens.com/productcert/txt/ssa-453715.txt
CVE-2021-37206
https://cert-portal.siemens.com/productcert/txt/ssa-500748.txt
CVE-2021-37200
https://cert-portal.siemens.com/productcert/txt/ssa-330339.txt
CVE-2021-40354 ; CVE-2021-40355
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
CVE-2021-37201
https://cert-portal.siemens.com/productcert/txt/ssa-330339.txt
CVE-2021-40356
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
CVE-2021-27391
https://cert-portal.siemens.com/productcert/txt/ssa-535380.txt
CVE-2021-33720
https://cert-portal.siemens.com/productcert/txt/ssa-847986.txt
CVE-2021-33719
https://cert-portal.siemens.com/productcert/txt/ssa-847986.txt