As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: CPC80 Central Processing/Communication, CPCI85 Central Processing/Communication, OPUPI0 AMQP/MQTT, SICORE Base system
- Vulnerabilities: Improper Null Termination, Command Injection, Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process, allow an authenticated privileged remote attacker to execute arbitrary code with root privileges, or lead to a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of multiple Siemens SICAM products are affected:
- CPC80 Central Processing/Communication: All versions prior to V16.41
- CPCI85 Central Processing/Communication: All versions prior to V5.30
- OPUPI0 AMQP/MQTT: All versions prior to V5.30
- SICORE Base system: All versions prior to V1.3.0
3.2 Vulnerability Overview
3.2.1 IMPROPER NULL TERMINATION CWE-170
The affected device firmware contains an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to a denial-of-service condition.
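The CWE-170 class named in 3.2.1, shown as an added example: this is not Siemens firmware code and not part of the advisory, which does not identify the header or the parsing routine. It copies a header value into a fixed-size field without and with guaranteed termination; `VALUE_MAX`, the function names and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 16  /* assumed size of the fixed field for a header value */

/* Returns 1 if buf holds a NUL within its size bytes, else 0. */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Flawed pattern (CWE-170): strncpy() writes no NUL when the source has
 * size or more bytes, so any later strlen()/strcpy()/"%s" on dst reads
 * past the end of the field. */
void copy_value_unterminated(char *dst, size_t size, const char *src) {
    strncpy(dst, src, size);
}

/* Hardened form: find the terminator within the field size first and
 * reject values that do not fit. Returns 0 on success, -1 on rejection. */
int copy_value_checked(char *dst, size_t size, const char *src) {
    const char *end;
    if (size == 0) return -1;
    end = memchr(src, '\0', size);   /* never scans more than size bytes */
    if (end == NULL) {               /* value plus NUL would not fit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);  /* value and its NUL */
    return 0;
}

int main(void) {
    /* Constructed sample values, not taken from the advisory. */
    const char *long_value = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* 24 bytes */
    char buf[VALUE_MAX];
    int rc;

    memset(buf, 'x', sizeof buf);
    copy_value_unterminated(buf, sizeof buf, long_value);
    printf("unterminated copy has NUL: %d\n", is_terminated(buf, sizeof buf));

    memset(buf, 'x', sizeof buf);
    rc = copy_value_checked(buf, sizeof buf, long_value);
    printf("checked copy, long value: rc=%d has NUL: %d\n",
           rc, is_terminated(buf, sizeof buf));
    rc = copy_value_checked(buf, sizeof buf, "text/html");
    printf("checked copy, short value: rc=%d value=\"%s\"\n", rc, buf);
    return 0;
}
```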