Multiple vulnerabilities in Siemens SINEMA Remote Connect Server



Published: 2019-09-18
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2019-13918, CVE-2019-13920, CVE-2019-13922, CVE-2019-13919
CWE-ID: CWE-307, CWE-352, CWE-916, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SINEMA Remote Connect Server (Server applications / SCADA systems)
Vendor: Siemens

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper restriction of excessive authentication attempts

EUVDB-ID: #VU21191

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13918

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to the web interface.

The vulnerability exists because the web interface has no means to prevent password guessing attacks. A remote attacker can gain full access to the web interface.
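The control this description says is missing can be sketched as a failed-login limiter. This is an added example, not Siemens code and not taken from the vendor advisory; the class name, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by account and by source."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # key -> times of recent failures
        self._locked_until = {}              # key -> time the lockout ends

    def attempt(self, username, source_ip, password_ok, now):
        """Return 'blocked', 'allowed' or 'rejected' for one login attempt."""
        # Two keys: one source guessing many accounts, many sources guessing one.
        keys = (("user", username.lower()), ("ip", source_ip))
        if any(self._locked_until.get(k, 0) > now for k in keys):
            return "blocked"  # the password result is ignored during lockout
        if password_ok:
            # Reset the account counter only; the source may be guessing others.
            self._failures.pop(keys[0], None)
            return "allowed"
        for key in keys:
            recent = self._failures[key]
            recent.append(now)
            while recent[0] <= now - self.window_s:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._locked_until[key] = now + self.lockout_s
                recent.clear()
        return "rejected"


def replay(events, throttle):
    """Replay (time, user, ip, password_ok) tuples and list each decision."""
    return [throttle.attempt(user, ip, ok, now) for now, user, ip, ok in events]


# Constructed sample: five bad guesses, the right password during lockout,
# then the right password from another address after the lockout has expired.
SAMPLE = [(t, "admin", "198.51.100.7", False) for t in range(0, 50, 10)]
SAMPLE += [(60, "admin", "198.51.100.7", True), (1000, "admin", "203.0.113.5", True)]
```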

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: before 2.0 SP1

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site request forgery

EUVDB-ID: #VU21193

Risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13920

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in some parts of the web application. A remote attacker who is able to trigger requests of a logged-in user to the application can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as switching the connectivity state of a user or a device.
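A server-side request-origin check of the kind the description says was insufficient, as an added example (not the product's code): state-changing requests are accepted only when the `Origin` header, or failing that the `Referer`, matches a trusted origin exactly. The function names and the host `rc.example.test` are assumptions.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url):
    """Normalise a URL or Origin value to (scheme, host, port); None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers 'Origin: null' and non-web schemes
    default = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(), port or default)


def request_origin_ok(method, headers, trusted_origins):
    """Return True if the request may proceed under an Origin/Referer check."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must not change state in the first place
    trusted = {_origin_of(o) for o in trusted_origins}
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin, fall back to Referer; a state change with neither is refused.
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False
    origin = _origin_of(source)
    # Exact tuple comparison: prefix or substring matching on the host is the
    # classic way such checks end up accepting look-alike domains.
    return origin is not None and origin in trusted


TRUSTED = ["https://rc.example.test"]  # constructed value for illustration
```

An origin check is commonly paired with per-session anti-CSRF tokens and `SameSite` cookies rather than used alone.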

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: before 2.0 SP1

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of password hash with insufficient computational effort

EUVDB-ID: #VU21194

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13922

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to privileged user and device information.

The vulnerability exists because the software generates a hash for a password using a scheme that does not provide a sufficient level of computational effort. A remote authenticated administrator can obtain the hash of a connected device’s password.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: before 2.0 SP1

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf
http://www.us-cert.gov/ics/advisories/icsa-19-260-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU21192

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13919

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper access restriction on some pages. A remote authenticated attacker with valid credentials for the web interface can gain unauthorized read access to sensitive information on the system.

Note: The information affected by this vulnerability does not include passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SINEMA Remote Connect Server: before 2.0 SP1

External links

http://www.us-cert.gov/ics/advisories/icsa-19-260-02
http://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


