Rewterz Threat Advisory –ICS: Siemens Multiple Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-31892

Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with the wrong settings. This results in a missing validation of the server certificate and thus results in a possible TLS MITM scenario.

CVE-2021-31893 

The affected software contains a buffer overflow vulnerability while handling certain files that may allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

CVE-2021-31894

An attacker could change the content of certain metafiles and subsequently manipulate parameters or the behavior of devices that would be later configured by the affected software.

CVE-2015-8011

A remote attacker can send specially crafted packets, which may cause a denial-of-service condition and arbitrary code execution.

CVE-2020-27827

A remote attacker sending specially crafted LLDP packets can cause memory to be lost when allocating data, which may cause a denial-of-service condition.

Impact

• Improper Certificate Validation
• Buffer Overflow
• Incorrect Permission Assignment
• Resource Consumption

Affected Vendors

Siemens

Affected Products

• SINAMICS STARTER (containing STEP 7 OEM version): All versions prior to v5.4 HF2
• SIMATIC PCS 7 V9.X: All versions
• SIMATIC NET CP 1545-1: All versions
• SIMATIC HMI Unified Comfort Panels: All versions prior to v17
• TIM 1531 IRC (incl. SIPLUS NET variants): All versions prior to v2.2
• SINUMERIK Analyze MyCondition: All versions
• SINUMERIK Analyze MyPerformance: All versions
• SINUMERIK Integrate for Production 5.1: Version 5.1
• SINUMERIK Manage My Tools: All versions
• SINUMERIK Optimize MyProgramming / NX-Cam Editor: All versions

Remediation

Refer to the vendor website for more information on affected products, patches, and upgrades https://us-cert.cisa.gov/ics/advisories