Multiple vulnerabilities in Siemens Energy Products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-14509 CVE-2020-14513 CVE-2020-14515 CVE-2020-14517 CVE-2020-14519 CVE-2020-16233 |
| CWE-ID | CWE-119 CWE-20 CWE-347 CWE-326 CWE-346 CWE-404 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SPPA-T3000 Other software / Other software solutions SPPA-S3000 Other software / Other software solutions SPPA-S2000 Other software / Other software solutions |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU46530
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14509
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when the packet parser mechanism does not verify length fields. A remote attacker can send specially crafted packets, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU46534
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14513
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specifically crafted license file and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU46532
Risk: High
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14515
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software does not verify the cryptographic signature for data within the license-file signature checking mechanism. A remote attacker can build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Inadequate Encryption Strength
EUVDB-ID: #VU46531
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14517
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the protocol encryption can be easily broken and the server accepts external connections. A remote attacker can communicate with the CodeMeter API.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Origin validation error
EUVDB-ID: #VU46533
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14519
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to origin validation error. A remote attacker can use the internal WebSockets API via a specifically crafted Java Script payload and alter or create license files when combined with CVE-2020-14515.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Resource Shutdown or Release
EUVDB-ID: #VU46535
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16233
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to improper resource shutdown or release. A remote attacker can send a specially crafted packet that can have the server send back packets containing data from the heap.
MitigationInstall update from vendor's website.
Vulnerable software versionsSPPA-T3000: R8.2 SP2
SPPA-S3000: 3.04 - 3.05
SPPA-S2000: 3.04 - 3.06
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-455844.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
