

Rewterz Threat Advisory – Multiple Dell PowerProtect Data Manager Vulnerabilities
February 15, 2024
Rewterz Threat Advisory – Multiple Adobe Acrobat and Adobe Reader Vulnerabilities
February 15, 2024
Severity
High
Analysis Summary
CVE-2024-23813 CVSS: 7.3
Siemens Polarion ALM could allow a remote attacker to bypass security restrictions, caused by improper authentication in the REST API endpoints in doorsconnector. An attacker could exploit this vulnerability to access the REST API endpoints and execute arbitrary code on the system.
CVE-2024-23816 CVSS: 9.8
Siemens Location Intelligence could allow an attacker to bypass security restrictions, caused by the use of hard-coded secret values when computing a Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this vulnerability to obtain administrative access,
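The weakness class behind CVE-2024-23816, shown as an added example that is not Siemens code and not part of the original advisory: when the HMAC key ships inside the product, a tag computed on one installation verifies on every other installation, while a key generated per installation removes that property. The `Installation` class, the claims string, the key value and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed value standing in for a secret compiled into every shipped copy.
BUILTIN_KEY = b"constructed-example-key"


def sign(key: bytes, message: bytes) -> str:
    """Return the hex HMAC-SHA256 tag of message under key (hash choice is an assumption)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time check that tag is the HMAC-SHA256 of message under key."""
    return hmac.compare_digest(sign(key, message), tag)


class Installation:
    """One deployed instance of a hypothetical product that issues signed claims."""

    def __init__(self, hardcoded: bool):
        # Weak: every installation shares the key that ships in the product.
        # Hardened: each installation generates its own 256-bit key on first start
        # (in practice kept in a secrets manager or a file only the service can read).
        self.key = BUILTIN_KEY if hardcoded else secrets.token_bytes(32)

    def issue(self, claims: bytes) -> str:
        return sign(self.key, claims)

    def accepts(self, claims: bytes, tag: str) -> bool:
        return verify(self.key, claims, tag)


def cross_install_acceptance(hardcoded: bool) -> bool:
    """Does installation B accept a tag that was produced on installation A?"""
    a, b = Installation(hardcoded), Installation(hardcoded)
    claims = b"user=alice;role=viewer"  # constructed sample claims
    return b.accepts(claims, a.issue(claims))


if __name__ == "__main__":
    print("hard-coded key, foreign tag accepted:", cross_install_acceptance(True))
    print("per-install key, foreign tag accepted:", cross_install_acceptance(False))
```

With the shared key the tag is only as secret as the product binary; with per-installation keys, knowledge of one deployment's key does not carry over to another.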
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-23813
- CVE-2024-23816
Affected Vendors
Siemens
Affected Products
- Siemens Polarion ALM
- Siemens Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) 4.2
- Siemens Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) 4.2
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.