Multiple vulnerabilities in Siemens Energy Products



Published: 2022-02-18
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-14509
CVE-2020-14513
CVE-2020-14515
CVE-2020-14517
CVE-2020-14519
CVE-2020-16233
CWE-ID CWE-119
CWE-20
CWE-347
CWE-326
CWE-346
CWE-404
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SPPA-T3000
Other software / Other software solutions

SPPA-S3000
Other software / Other software solutions

SPPA-S2000
Other software / Other software solutions

Vendor Siemens

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU46530

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14509

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when the packet parser mechanism does not verify length fields. A remote attacker can send specially crafted packets, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU46534

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14513

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specifically crafted license file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU46532

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14515

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected software does not verify the cryptographic signature for data within the license-file signature checking mechanism. A remote attacker can build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Inadequate Encryption Strength

EUVDB-ID: #VU46531

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14517

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the protocol encryption can be easily broken and the server accepts external connections. A remote attacker can communicate with the CodeMeter API.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Origin validation error

EUVDB-ID: #VU46533

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14519

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to origin validation error. A remote attacker can use the internal WebSockets API via a specifically crafted Java Script payload and alter or create license files when combined with CVE-2020-14515.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Resource Shutdown or Release

EUVDB-ID: #VU46535

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16233

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to improper resource shutdown or release. A remote attacker can send a specially crafted packet that can have the server send back packets containing data from the heap.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SPPA-T3000: R8.2 SP2

SPPA-S3000: 3.04 - 3.05

SPPA-S2000: 3.04 - 3.06


CPE2.3 External links

http://cert-portal.siemens.com/productcert/txt/ssa-455844.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###