As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Remote Connect Server
- Vulnerabilities: Incorrect User Management, Unrestricted Upload of File with Dangerous Type, Forced Browsing, Improper Check for Unusual or Exceptional Conditions, Client-Side Enforcement of Server-Side Security, Incorrect Authorization, Creation of Temporary File With Insecure Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of service condition, learn vulnerable credentials, escalate privileges, modify users outside of scope, gain access to participant groups, use temporary credentials for authentication bypass, or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens, are affected:
- Siemens SINEMA Remote Connect Server: All versions prior to V3.2 SP1
3.2 Vulnerability Overview
3.2.1 INCORRECT USER MANAGEMENT CWE-286
The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authent
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: