Multiple vulnerabilities in Siemens Desigo PXC and DXR Devices



Published: 2022-05-11
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 8
CVE-ID: CVE-2022-24040, CVE-2022-24041, CVE-2022-24042, CVE-2022-24043, CVE-2022-24044, CVE-2022-24045, CVE-2022-24039, CVE-2021-41545
CWE-ID: CWE-400, CWE-916, CWE-613, CWE-203, CWE-307, CWE-614, CWE-20, CWE-248
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

Desigo DXR2 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Desigo PXC3 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Desigo PXC4 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Desigo PXC5 (Hardware solutions / Routers & switches, VoIP, GSM, etc)

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU63056

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24040

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Password Hash With Insufficient Computational Effort

EUVDB-ID: #VU63061

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24041

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the web application stores the PBKDF2-derived key of users' passwords with a low iteration count. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insufficient Session Expiration

EUVDB-ID: #VU63064

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24042

CWE-ID: CWE-613 - Insufficient Session Expiration

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the web application returns an AuthToken that does not expire at the defined auto-logoff delay timeout. A remote non-authenticated attacker can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Observable discrepancy

EUVDB-ID: #VU63067

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24043

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an observable discrepancy in the login functionality. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU63068

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24044

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the login functionality of the application does not employ any countermeasures against password spraying or credential stuffing attacks. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

EUVDB-ID: #VU63069

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24045

CWE-ID: CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application, after a successful login, sets the session cookie in the browser via client-side JavaScript code without applying any security attributes. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU63070

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24039

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists because the "addCell" JavaScript function fails to properly sanitize user-controllable input before including it in the generated XML body of the XLS report document. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Uncaught Exception

EUVDB-ID: #VU63071

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41545

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception within the BACnet communication function. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Desigo DXR2: before 01.21.142.5-22

Desigo PXC3: before 01.21.142.4-1

Desigo PXC4: before 02.20.142.10-10884

Desigo PXC5: before 02.20.142.10-10884


External links

http://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


