
Siemens SINEC NMS UMC Unauthenticated Heap-based Buffer Overflow

Critical

Synopsis

A heap-based buffer overflow vulnerability exists in um.gpslib.dll v210.1.0.1 in Siemens SINEC NMS UMC (User Management Component). It is triggered when processing a network message sent to um.Ris.exe or um.ssrem.exe, which were observed listening on TCP ports 4002 and 4004, respectively. Exploitation of this issue may ultimately lead to remote code execution.

Solution

Update to the latest version supplied by the vendor. See the vendor advisory for details.

Disclosure Timeline

April 25, 2024 - Tenable discloses to Siemens.
April 25, 2024 - Siemens acknowledges.
June 7, 2024 - Tenable requests status update from Siemens.
June 10, 2024 - Siemens provides status update: Tentative release in early July.
June 11, 2024 - Tenable acknowledges.
June 21, 2024 - Siemens provides advisory information and CVE identifier. Siemens also states delay in development and requests extension to August 13. Tenable acknowledges and agrees to new disclosure date.
July 15, 2024 - Siemens requests delay to September patching cycle due to development constraints. Tenable agrees to extend to September 10, 2024. Siemens acknowledges.
August 13, 2024 - Tenable requests status update.
August 19, 2024 - Siemens provides status update.
September 4, 2024 - Tenable requests status update. Siemens provides status update.
September 5, 2024 - Tenable sends Siemens draft of advisory.

All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.

Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email [email protected]

Risk Information

CVE ID: CVE-2024-33698
Tenable Advisory ID: TRA-2024-37
Credit: Tenable Research
CVSSv3 Base / Temporal Score: 9.8 / 8.8
CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
Siemens SINEC NMS prior to V2.11.6
SIMATIC Information Server
SIMATIC PCS neo
Totally Integrated Automation Portal (TIA Portal)
Risk Factor: Critical

Advisory Timeline

September 10, 2024 - Initial release.