Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-27410 CVSS:4.1

Siemens SCALANCE LPE9403 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the edgebox_web_app binary. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-27409 CVSS:2.5

Siemens SCALANCE LPE9403 could allow a local authenticated attacker to traverse directories on the system, caused by improper validation in the deviceinfo binary. An attacker could use a specially crafted file request containing “dot dot” sequences (/../) in the mac parameter to read arbitrary files on the system.

CVE-2023-27408 CVSS:3.8

Siemens SCALANCE LPE9403 could allow a local authenticated attacker to bypass security restrictions, caused by the creation of a temporary file with insecure permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to interfere with the integrity of the mutex and the data it protects.

CVE-2023-27407 CVSS:9.9

Siemens SCALANCE LPE9403 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the web-based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands in the underlying operating system as the root user.

CVE-2023-29128 CVSS:3.8

Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of the filename in the upload feature. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to write arbitrary files on the system.

CVE-2023-29107 CVSS:5.3

Siemens SIMATIC Cloud Connect could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to download arbitrary files, and use this information to launch further attacks against the affected system.

CVE-2023-29106 CVSS:5.3

Siemens SIMATIC Cloud Connect could allow a remote attacker to obtain sensitive information, caused by improper authentication validation by the REST API. By sending a specially crafted request, an attacker could exploit this vulnerability to download arbitrary files, and use this information to launch further attacks against the affected system.

CVE-2023-29105 CVSS:5.9

Siemens SIMATIC Cloud Connect is vulnerable to a denial of service, caused by improper validation of the random (non-JSON) MQTT payload. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-29104 CVSS:6

Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of the filename in the upload feature. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite and download arbitrary files on the system.

CVE-2023-29103 CVSS:4.3

Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to obtain sensitive information, caused by the use of a hard-coded password to protect the diagnostic files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain protected data, and use this information to launch further attacks against the affected system.

CVE-2023-28832 CVSS:7.2

Siemens SIMATIC Cloud Connect could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw in the web-based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution
  • Denial of Service
  • Information Disclosure
  • Command Execution
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-27410
  • CVE-2023-27409
  • CVE-2023-27408
  • CVE-2023-27407
  • CVE-2023-29128
  • CVE-2023-29107
  • CVE-2023-29106
  • CVE-2023-29105
  • CVE-2023-29104
  • CVE-2023-29103
  • CVE-2023-28832

Affected Vendors

Siemens

Affected Products

  • Siemens SCALANCE LPE9403 2.0
  • Siemens SIMATIC Cloud Connect 7 CC712 2.0
  • Siemens SIMATIC Cloud Connect 7 CC716 2.0

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

Siemens SCALANCE

Siemens SIMATIC