Severity
High
Analysis Summary
CVE-2024-45463, CVE-2024-45464
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-45465, CVE-2024-45466
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-45467, CVE-2024-45468
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-41798 CVSS:9.8
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.
CVE-2024-41902 CVSS:7.8
A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-41981 CVSS:7.8
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-52952 CVSS:8.5
A vulnerability has been identified in HiMed Cockpit 12 pro, HiMed Cockpit 14 pro+, HiMed Cockpit 18 pro, HiMed Cockpit 18 pro+. The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.
Impact
- Gain Access
- Code Execution
- Security Bypass
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-45463
- CVE-2024-45464
- CVE-2024-45465
- CVE-2024-45466
- CVE-2024-45467
- CVE-2024-45468
- CVE-2024-41798
- CVE-2024-41902
- CVE-2024-41981
- CVE-2023-52952
Affected Vendors
- Siemens
Affected Products
- Siemens JT2Go
- Siemens Tecnomatix Plant Simulation V2302
- Siemens Tecnomatix Plant Simulation V2404
- Siemens SENTRON 7KM PAC3200
- Siemens Simcenter Nastran 2306
- Siemens Simcenter Nastran 2312
- Siemens Simcenter Nastran 2406
- Siemens HiMed Cockpit 12 pro - V11.5.1
- Siemens HiMed Cockpit 14 pro+ - V11.5.1
- Siemens HiMed Cockpit 18 pro - V11.5.1
- Siemens HiMed Cockpit 18 pro+ - V11.5.1
Remediation
Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.
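To triage an asset inventory against the version ranges stated in the Analysis Summary, the following is an added example, not part of the original advisory or any Siemens tooling. The function names and the sample inventory are constructed, and it assumes installed versions use the `V<release>.<build>` form shown above and compare numerically per component. HiMed Cockpit is left out because the text gives no fixed version for it.

```python
import re

# Affected ranges as stated in the advisory text; None means "All versions".
ADVISORY = {
    "tecnomatix plant simulation v2302": "V2302.0016",
    "tecnomatix plant simulation v2404": "V2404.0005",
    "jt2go": "V2406.0003",
    "simcenter nastran 2306": None,
    "simcenter nastran 2312": None,
    "simcenter nastran 2406": "V2406.5000",
    "sentron 7km pac3200": None,
}

def parse_version(text):
    """'V2302.0016' -> (2302, 16). Numeric tuples avoid string-order mistakes."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(product, installed):
    """True/False for listed products, None if the product is not in the advisory."""
    key = product.strip().lower()
    if key not in ADVISORY:
        return None
    fixed = ADVISORY[key]
    # With no fixed release, every installed version counts as affected.
    return True if fixed is None else parse_version(installed) < parse_version(fixed)

def triage(inventory):
    """Return (host, product, status) rows; unparseable versions go to 'review'."""
    findings = []
    for host, product, installed in inventory:
        try:
            verdict = is_affected(product, installed)
        except ValueError:
            findings.append((host, product, "review"))  # fail closed, never skip
            continue
        if verdict:
            findings.append((host, product, "affected"))
    return findings

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("eng-ws-01", "Tecnomatix Plant Simulation V2302", "V2302.0012"),
    ("eng-ws-02", "Tecnomatix Plant Simulation V2302", "V2302.0016"),
    ("eng-ws-03", "JT2Go", "V2406.2"),  # plain string compare would rank this above V2406.0003
    ("cae-02", "Simcenter Nastran 2312", "unknown"),
    ("eng-ws-04", "JT2Go", "n/a"),
]
```

Calling `triage(INVENTORY)` returns the hosts that need patching plus any whose version string could not be parsed, so an unreadable inventory entry is surfaced for manual review instead of being treated as patched.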