July 23, 2024
Severity
High
Analysis Summary
CVE-2024-39567 CVSS:7.8
Siemens SINEMA Remote Connect could allow a local authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw when loading VPN configurations. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code with system privileges.
CVE-2024-39571 CVSS:8.8
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw when loading SNMP configurations. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code with root privileges.
CVE-2024-39570 CVSS:8.8
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw when loading VxLAN configurations. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code with root privileges.
CVE-2023-52237 CVSS:7.5
Siemens RUGGEDCOM ROS could allow a remote authenticated attacker to obtain sensitive information, caused by improper protection of the hashes and password salts of all users. By using brute-force attack techniques, an attacker could exploit this vulnerability to obtain password information and use it to launch further attacks against the affected system.
CVE-2024-33654 CVSS:7.8
Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted BMP file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2024-39568 CVSS:7.8
Siemens SINEMA Remote Connect could allow a local authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw when loading proxy configurations. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code with system privileges.
CVE-2024-36266 CVSS:9.3
Siemens PowerSys could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to gain administrative privileges for the managed remote devices.
CVE-2023-50763 CVSS:9.8
Siemens SIMATIC CP, SIPLUS ET, TIM are vulnerable to a denial of service, caused by an infinite loop when processing incomplete certificate chains. By persuading a victim to parse a specially crafted certificate file, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Gain Access
- Information Disclosure
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-39567
- CVE-2024-39571
- CVE-2024-39570
- CVE-2023-52237
- CVE-2024-33654
- CVE-2024-39568
- CVE-2024-36266
- CVE-2023-50763
Affected Vendors
- Siemens
Affected Products
- Siemens Simcenter Femap
- Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)
- Siemens SINEMA Remote Connect Client
- Siemens SIMATIC CP 1542SP-1
- Siemens SIMATIC CP 1543SP-1
- Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC
- Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
- Siemens SIPLUS TIM 1531 IRC
- Siemens TIM 1531 IRC
- Siemens PowerSys
- Siemens SINEMA Remote Connect Server 3.2
- Siemens RUGGEDCOM i800 0
- Siemens RUGGEDCOM i800NC 0
- Siemens RUGGEDCOM i801 0
- Siemens RUGGEDCOM i801NC 0
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.