Rewterz Threat Advisory – Siemens SINEMA Remote Connect Multiple Privilege Escalation Vulnerabilities

April 12, 2019

Severity

High

Analysis Summary

CVE-2018-14618

The HTTP client curl is vulnerable to a buffer overrun.

The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges. User interaction by a legitimate use is required to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected device.

CVE-2018-16890

The HTTP client library libcurl is vulnerable to a heap buffer out-of-bounds read.

The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system.

CVE-2019-3822

The HTTP client library libcurl is vulnerable to a stack-based buffer overflow.

CVE-2019-6570

Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.

The vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.

Impact

Privilege escalation

Affected Vendors

Siemens

Affected Products

SINEMA Remote Connect (Client and Server)
SINEMA Remote Connect Client
all versions prior to v2.0 HF1
SINEMA Remote Connect Server
all versions prior to v2.0

Remediation

Vendor currently has updates for the following products:

SINEMA Remote Connect Client: Update to v2.0 HF1: https://support.industry.siemens.com/cs/de/en/view/109764829

SINEMA Remote Connect Server: Update to v2.0: https://support.industry.siemens.com/cs/de/en/view/109764829