As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W1750D
- Vulnerabilities: Classic Buffer Overflow, Improper Input Validation, Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial-of-service or unauthenticated remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens, are affected:
- SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0): All versions
- SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0): All versions
- SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0): All versions
3.2 Vulnerability Overview
3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT (‘CLASSIC BUFFER OVERFLOW’) CWE-120
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-45614 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: