Vulnérabilité critique pour Siemens Spectrum Power (CVE-2019-6579) Corrigé dans le Monthly Advisory
Siemens Security Advisory Day (SAD) for April 2019 addresses a variety of vulnerabilities, including a critical vulnerability in Siemens Spectrum Power.
Contexte
On April 9, Siemens published its monthly Siemens Advisory Day release across a variety of Siemens products. This includes 11 CVEs newly addressed in Siemens products along with updates to previous advisories, including additional CVEs and product updates and mitigations. The most critical of these vulnerabilities could give an unauthenticated attacker administrative privileges.
Analyse
Siemens Spectrum Power 4.7 customers that utilize project enhancement (PE) Web Office Portal (WOP) are vulnerable to CVE-2019-6579, a critical vulnerability that an unauthenticated attacker with network access could exploit to obtain administrative privileges. This vulnerability has the highest CVSSv3 score possible of 10.0, as it requires no user interaction, and can be exploited as long as WOP is used and the attacker has access to the web server via TCP port 80 or port 443.
Other newly addressed CVEs in Siemens products include denial of service vulnerabilities within the web server (CVE-2019-6568) and the OPC UA server (CVE-2019-6575) of Siemens products. Both of these CVEs have a CVSSv3 score of 7.5.
There were also multiple vulnerabilities patched in components and libraries used by Siemens products, including curl and libcurl in the SINEMA Remote Connect (CVE-2018-1461, CVE-2018-16890, CVE-2019-3822) and the Quagga BGP daemon in RUGGEDCOM ROX II (CVE-2018-5379, CVE-2018-5380, CVE-2018-5381). CVE-2018-5379 is a critical double free vulnerability with a CVSSv3 score of 9.8, that could be exploited via a spoofed BGP UPDATE message delivered on the network, resulting in denial of service (DoS) or achieving arbitrary code execution. CVE-2019-6570 appears to be a vulnerability in the Siemens SINEMA Remote Connect itself, not in a component or library.
CVE-2017-12741 is a denial of service vulnerability in the Siemens SIMOCODE pro V EIP that could be exploited by a remote attacker sending specially crafted packets to UDP port 161. While this advisory is the first release (1.0) from Siemens about this CVE for this product, the CVE itself is associated with a variety of Siemens product configurations already.
The remaining CVEs addressed in this month’s SAD are updates to previous advisories published by Siemens. For instance, SSA-901333 contains an update for the KRACK (Key Reinstallation Attack) vulnerabilities for the SINAMICS V20 Smart Access Module while SSA-268644 adds updates to solutions for variants 3a and 4 of Spectre-NG for the SIMATIC HMI Panels V14.
Solution
Spectrum Power 4.7 users can obtain the Web Office Portal fix, Bugfix bf-47456_PE_WOP_fix by contacting Siemens Energy Customer Support at [email protected].
Siemens SINEMA Remote Connect Client V2.0 HF1, Server V2.0 and SIMOCODE pro V EIP V1.0.2 is also available for download, while RUGGEDCOM ROX II V2.13.0 can be obtained by contacting the RUGGEDCOM support team.
For the denial of service vulnerabilities in Siemens industrial product web servers and OPC UA servers, please refer to the respective Siemens Security Advisory documents for associated product updates and/or mitigation steps.
For solutions and updates on older advisories, including additional CVEs and availability of patches or mitigations, please refer to the table below
|
Siemens Security Advisory ID |
Document Title |
Document |
|
SSA-179516 |
OpenSSL Vulnerability in Industrial Products |
|
|
SSA-268644 |
Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products |
|
|
SSA-844562 |
Multiple Vulnerabilities in Licensing Software for WinCC OA |
|
|
SSA-901333 |
KRACK Attacks Vulnerabilities in Industrial Products |
|
|
SSB-439005 |
Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP |
Identification des systèmes affectés
A list of plugins to identify these vulnerabilities will appear here as they’re released.
Où trouver plus d'informations
- Siemens Security Advisory for Spectrum Power 4.7
- Siemens Security Advisory for Denial-of-Service in OPC UA in Industrial Products
- Siemens Security Advisory for Denial-of-Service in SIMOCODE pro V EIP
- Siemens Security Advisory for Denial-of-Service in Web Server of Industrial Products
- Siemens Security Advisory for Multiple Vulnerabilities in SINEMA Remote Connect
- Siemens Security Advisory for Multiple Vulnerabilities in RUGGEDCOM ROX II
Rejoignez l'équipe SRT de Tenable sur Tenable Community.
Apprenez-en plus sur Tenable, la première plateforme de Cyber Exposure qui vous permet de gérer votre surface d'attaque moderne de manière globale.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Articles connexes
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
June 3, 2024Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from attackers.
Cybersecurity Snapshot: 6 Best Practices for Implementing AI Securely and Ethically
May 31, 2024Like many organizations, yours is likely using AI – or at least thinking about deploying it soon. But how can you ensure you use it securely, responsibly, ethically and in compliance with regulations? Check out best practices, guidelines and tips in this special edition of the Tenable Cybersecurity Snapshot!
Cybersecurity Snapshot: CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills
July 12, 2024Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers. Meanwhile, GenAI deployments have tech leaders worried about data privacy and data security. And get the latest on FedRAMP, APT40 and AI-powered misinformation!
How Risk-based Vulnerability Management Boosts Your Modern IT Environment's Security Posture
July 11, 2024Vulnerability assessments and vulnerability management sound similar – but they’re not. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM). Read on to check out highlights from this Tenable-commissioned study and learn how RBVM helps organizations attain a solid security and risk posture in hybrid, complex and multi-cloud environments.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
July 9, 2024Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
- Threat Management
- Vulnerability Management
- Vulnerability Scanning