
Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-22043 CVSS:3.3

Siemens Parasolid is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability. By parsing specially crafted XT files, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-22042 CVSS:7.8

Siemens Unicam FX could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect use of privileged APIs. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-49125 CVSS:7.8

Siemens Parasolid could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By parsing specially crafted files in XT format, an attacker could exploit this vulnerability to execute code in the context of the current process.

CVE-2023-51440 CVSS:7.5

Siemens CP343-1 devices are vulnerable to a denial of service, caused by improper validation of TCP sequence numbers. By injecting spoofed TCP RST packets, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-48364 CVSS:6.5

Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.

CVE-2023-48363 CVSS:6.5

Siemens SIMATIC WinCC and OpenPCS are vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of the RPC. By sending specially crafted RPC messages, a remote attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.

CVE-2023-50236 CVSS:7.8

Siemens Polarion ALM could allow a local authenticated attacker to gain elevated privileges on the system, caused by weak file and folder permissions in the installation path. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to NT AUTHORITY\SYSTEM.

Impact

  • Denial of Service
  • Code Execution
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2024-22043
  • CVE-2024-22042
  • CVE-2023-49125
  • CVE-2023-51440
  • CVE-2023-48364
  • CVE-2023-48363
  • CVE-2023-50236

Affected Vendors

Siemens

Affected Products

  • Siemens Parasolid 35.0
  • Siemens Parasolid 35.1
  • Siemens Parasolid 36.0
  • Siemens Polarion ALM
  • Siemens Unicam FX
  • Siemens SIMATIC CP 343-1
  • Siemens SIMATIC CP 343-1 Lean
  • Siemens SIPLUS NET CP 343-1
  • Siemens SIPLUS NET CP 343-1 Lean
  • Siemens SIMATIC WinCC 7.4
  • Siemens SIMATIC WinCC 7.5
  • Siemens SIMATIC PCS 7 9.1
  • Siemens OpenPCS 7 9.1
  • Siemens SIMATIC BATCH 9.1
  • Siemens SIMATIC Route Control 9.1
  • Siemens SIMATIC WinCC Runtime Professional 18
  • Siemens SIMATIC WinCC Runtime Professional 19
  • Siemens SIMATIC WinCC 8.0

Remediation

Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-22043

CVE-2024-22042

CVE-2023-49125

CVE-2023-51440

CVE-2023-48364

CVE-2023-48363

CVE-2023-50236