July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
North Korean APT Kimsuky aka Black Banshee – Active IOCs
September 4, 2024New WikiLoader Malware Attack Leverages Fake GlobalProtect VPN Software – Active IOCs
September 4, 2024North Korean APT Kimsuky aka Black Banshee – Active IOCs
September 4, 2024New WikiLoader Malware Attack Leverages Fake GlobalProtect VPN Software – Active IOCs
September 4, 2024
Severity
Medium
Analysis Summary
CVE-2024-30321 CVSS:5.9
Siemens SIMATIC WinCC and SIMATIC PCS could allow a remote attacker to obtain sensitive information, caused by improper handling of certain requests to the web application. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain users and passwords information, and use this information to launch further attacks against the affected system.
CVE-2023-52238 CVSS:4.3
Siemens RUGGEDCOM ROS could allow a remote authenticated attacker to obtain sensitive information, caused by the transmit of MACSEC key in clear text. By sniffing the network traffic, an attacker could exploit this vulnerability to retrieve the MACSEC key and access (decrypt) the ethernet frames information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-30321
- CVE-2023-52238
Affected Vendors
Siemens
Affected Products
- Siemens RUGGEDCOM i800 0
- Siemens RUGGEDCOM i800NC 0
- Siemens RUGGEDCOM i801 0
- Siemens RUGGEDCOM i801NC 0
- Siemens SIMATIC PCS 7 V9.1 0
- Siemens SIMATIC WinCC Runtime Professional V18 0
- Siemens SIMATIC WinCC Runtime Professional V19 0
- Siemens SIMATIC WinCC V7.4 0
- Siemens SIMATIC WinCC V7.5 0
- Siemens SIMATIC WinCC V8.0 0
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.