SB2021091612 - Multiple vulnerabilities in Siemens LOGO CMR and SIMATIC RTU 3000

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use of insufficiently random values (CVE-ID: CVE-2021-37186)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). A remote attacker on the local network can spoof the connection and gain access to sensitive information.

2) Buffer overflow (CVE-ID: CVE-2020-36475)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when generating Diffie-Hellman key pairs. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

3) Improper Certificate Validation (CVE-ID: CVE-2020-36478)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation. A remote attacker can perform a man-in-the-middle (MitM) attack.

Remediation

Install update from vendor's website.

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf
• https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
• https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
• https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18
• https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
• https://github.com/ARMmbed/mbedtls/issues/3629