Siemens has updates ready to tackle multiple vulnerabilities in its SINEMA Remote Connect (Client and Server) product, according to a report with NCCIC.

The vulnerabilities are an incorrect calculation of buffer size, an out-of-bounds read, a stack-based buffer overflow, and an improper handling of insufficient permissions.

Successful exploitation of these remotely exploitable vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions.

The following products suffer from the vulnerabilities Siemens self-reported:
• SINEMA Remote Connect Client; all versions prior to v2.0 HF1
• SINEMA Remote Connect Server; all versions prior to v2.0

Not every product listed, however, is affected by every vulnerability described. See the Siemens advisory for more detail.

In one vulnerability, the HTTP client curl is vulnerable to a buffer overrun.

The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges. User interaction by a legitimate user is required to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected device.

CVE-2018-14618 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, the HTTP client library libcurl is vulnerable to a heap buffer out-of-bounds read.

The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system.

CVE-2018-16890 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Also, the HTTP client library libcurl is vulnerable to a stack-based buffer overflow.

The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.

CVE-2019-3822 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

In addition, due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.

The vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.

CVE-2019-6570 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.3.

The product sees action mainly in the agriculture and food; chemical; critical manufacturing; energy; and water and wastewater sectors. It also sees action on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Siemens has updates for the following products:
• SINEMA Remote Connect Client: Update to v2.0 HF1
• SINEMA Remote Connect Server: Update to v2.0

Siemens recommends users apply the following specific workarounds and mitigations to reduce the risk:
• Turn off NTLM authentication to mitigate CVE-2018-16890 and CVE-2019-3822
• Turn off SMTP to mitigate CVE-2019-3822
• Apply defense-in-depth strategies

Siemens recommends users configure their environment according to Siemens’ operational guidelines for Industrial Security and follow the recommendations in the product manuals.

For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens Security Advisory SSA-436177.

For further inquiries on security vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.
