
Rewterz Threat Advisory – ICS : Multiple Siemens Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-25665

Siemens Simcenter STAR-CCM+ Viewer could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By persuading a victim to open a specially crafted scene (.sce) file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-33716

Siemens SIMATIC CP products could allow a remote attacker to obtain sensitive information, caused by storing sensitive information in cleartext. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-37176

Siemens Simcenter Femap could allow a remote attacker to obtain sensitive information, caused by the lack of proper validation of user-supplied data in the Modfem File Parsing in femap.exe. By sending a specially crafted request, a remote attacker could exploit this vulnerability to leak information in the context of the current process.

CVE-2021-33737

Siemens SIMATIC CP products are vulnerable to a denial of service, caused by buffer overflow. By sending a specially crafted packet to TCP port 102, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2021-31891

Siemens Siveillance OIS could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of elements in the HTTP requests. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-37181

Siemens Desigo CC Family could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-37206

Siemens SIPROTEC 5 is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the device to restart.

CVE-2021-37200

Siemens SINEC NMS could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to download arbitrary files on the system.
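
A log check for the "dot dot" requests described above, as an added example that is not part of the Rewterz or Siemens advisory. The log lines, addresses and paths are constructed, and the combined-log-style format is an assumption about the access log in front of the application.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines; hosts, paths and sizes are illustrative only.
SAMPLE_LOG = """\
10.0.5.21 - - [16/Sep/2021:09:12:01 +0000] "GET /dashboard/index.html HTTP/1.1" 200 5120
10.0.5.44 - - [16/Sep/2021:09:12:07 +0000] "GET /files/../../settings.ini HTTP/1.1" 200 312
10.0.5.44 - - [16/Sep/2021:09:12:09 +0000] "GET /files/%2e%2e/%2e%2e/config.xml HTTP/1.1" 200 901
10.0.5.44 - - [16/Sep/2021:09:12:11 +0000] "GET /files/%252e%252e%255cconfig.xml HTTP/1.1" 404 0
10.0.5.30 - - [16/Sep/2021:09:13:40 +0000] "GET /reports/v1..2/summary.pdf HTTP/1.1" 200 20480
"""

# client, method, request target, status (assumed combined-log layout)
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_dot_segment(target):
    """True if a path segment of the decoded target is exactly '..' (query ignored)."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    return any(segment == ".." for segment in path.split("/"))

def find_traversal_requests(log_text):
    """Return (client, target, status) for each request with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and has_dot_dot_segment(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

if __name__ == "__main__":
    for client, target, status in find_traversal_requests(SAMPLE_LOG):
        note = "served, review response" if status == 200 else "not served"
        print(f"{client} {target} -> {status} ({note})")
```

Matching on whole path segments keeps names such as `v1..2` from raising false alerts, while the repeated decoding catches encoded and backslash variants.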

CVE-2021-40354

Siemens Teamcenter could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control in surrogate functionality. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform an account takeover.

CVE-2021-40355

Siemens Teamcenter could allow a remote attacker to obtain sensitive information, caused by an insecure direct object reference (IDOR) vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to use user-supplied input to access objects directly.

CVE-2021-37201

Siemens SINEC NMS is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to manipulate the SINEC NMS configuration. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2021-40356

Siemens Teamcenter could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML code, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-27391

Siemens APOGEE and TALON automation devices are vulnerable to a buffer overflow, caused by improper bounds checking when parsing the Host parameter in HTTP requests. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

CVE-2021-33720

Siemens SIPROTEC 5 relays are vulnerable to a denial of service, caused by a buffer overflow. By sending specially-crafted packets to Port 4443/TCP, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-33719

Siemens SIPROTEC 5 relays are vulnerable to a buffer overflow, caused by improper bounds checking. By sending specially-crafted packets to Port 4443/TCP, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.

Impact

  • Denial of Service
  • Information Disclosure
  • Exposure of Sensitive Data
  • Code Execution
  • Security Bypass
  • Buffer Overflow

Affected Vendors

  • Siemens

Affected Products

  • Siemens Simcenter STAR-CCM+ Viewer 2021.2.0
  • Siemens Simcenter Femap 2021.1
  • Siemens Simcenter Femap 2020.1
  • SIMATIC CP 343-1
  • SIMATIC CP 343-1 Advanced
  • SIMATIC CP 343-1 ERPC
  • SIMATIC CP 343-1 Lean
  • SIMATIC CP 443-1
  • Siemens Desigo CC
  • Siemens GMA-Manager
  • Siemens Operation Scheduler
  • Siemens Siveillance Control
  • Siemens Siveillance Control Pro
  • Siemens Cerberus DMS 4.0
  • Siemens Cerberus DMS 4.1
  • Siemens Cerberus DMS 4.2
  • Siemens Cerberus DMS 5.0
  • Siemens Desigo CC Compact 5.0
  • Siemens Desigo CC Compact 4.0
  • Siemens Desigo CC Compact 4.1
  • Siemens Desigo CC Compact 4.2
  • Siemens Desigo CC 4.2
  • Siemens Desigo CC 4.1
  • Siemens Desigo CC 4.0
  • Siemens Desigo CC 5.0
  • Siemens SIPROTEC 5 relays with CPU variants CP050 8.70
  • Siemens SIPROTEC 5 relays with CPU variants CP100 8.70
  • Siemens SIPROTEC 5 relays with CPU variants CP300 8.70
  • Siemens SIPROTEC 5 relays with CPU variants CP200 8.70
  • Siemens SINEC NMS 1.0
  • Siemens Teamcenter 12.4.0.7
  • Siemens Teamcenter 13.0.0.6
  • Siemens Teamcenter 13.1.0.4
  • Siemens Teamcenter 13.2.0.1
  • Siemens APOGEE MBC 2.6.2
  • Siemens APOGEE PXC Modular 3.5.2
  • Siemens APOGEE PXC Modular 2.7
  • Siemens TALON TC Compact 3.5.2
  • Siemens SIPROTEC 5 relays with CPU variants CP200

Remediation

Refer to the Siemens advisories below for patch, upgrade, or suggested workaround information.

CVE-2021-25665

https://cert-portal.siemens.com/productcert/txt/ssa-109294.txt

CVE-2021-33716

https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf

CVE-2021-37176

https://cert-portal.siemens.com/productcert/txt/ssa-997732.txt

CVE-2021-33737

https://cert-portal.siemens.com/productcert/txt/ssa-549234.txt

CVE-2021-31891

https://cert-portal.siemens.com/productcert/txt/ssa-453715.txt

CVE-2021-37206

https://cert-portal.siemens.com/productcert/txt/ssa-500748.txt

CVE-2021-37200

https://cert-portal.siemens.com/productcert/txt/ssa-330339.txt

CVE-2021-40354 ; CVE-2021-40355

https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf

CVE-2021-37201

https://cert-portal.siemens.com/productcert/txt/ssa-330339.txt

CVE-2021-40356

https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf

CVE-2021-27391

https://cert-portal.siemens.com/productcert/txt/ssa-535380.txt

CVE-2021-33720

https://cert-portal.siemens.com/productcert/txt/ssa-847986.txt

CVE-2021-33719

https://cert-portal.siemens.com/productcert/txt/ssa-847986.txt