Rewterz

North Korean APT Kimsuky aka Black Banshee – Active IOCs

October 4, 2024
Rewterz

Recently Patched Vulnerability in CUPS Allows DDoS Attacks to be Amplified

October 4, 2024

ICS: Multiple Siemens Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-39876 CVSS:4

Siemens SINEMA Remote Connect Server is vulnerable to a denial of service, caused by not properly handle log rotation. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-32735 CVSS:6.5

Multiple Siemens products could allow a local authenticated attacker to execute arbitrary code on the system, caused by not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-39876
  • CVE-2023-32735

Affected Vendors

Siemens

Affected Products

  • Siemens SINEMA Remote Connect Server 3.2
  • Siemens SIMATIC STEP 7 Safety V18 0
  • Siemens SIMATIC STEP 7 Safety V16 0
  • Siemens SIMATIC STEP 7 Safety V17 0
  • Siemens SIMATIC STEP 7 V16 0
  • Siemens SIMATIC STEP 7 V17 0

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-39876

CVE-2023-32735

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.