Multiple vulnerabilities in Siemens SCALANCE LPE9403



Published: 2022-06-15 | Updated: 2022-12-22
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2020-27304
CVE-2021-20317
CVE-2021-33910
CVE-2021-36221
CVE-2021-39293
CVE-2021-33196
CVE-2021-41089
CVE-2021-41091
CVE-2021-41092
CVE-2021-41103
CVE-2022-0847
CWE-ID CWE-22
CWE-665
CWE-789
CWE-362
CWE-770
CWE-400
CWE-281
CWE-200
CWE-276
CWE-908
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Vulnerability #11 is being exploited in the wild.
Vulnerable software
Subscribe
SCALANCE LPE9403
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Siemens

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU61251

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-27304

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the mg_handle_form_request API. A remote attacker can send a specially crafted HTTP request and upload arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Improper Initialization

EUVDB-ID: #VU58208

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20317

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization the Linux kernel. A corrupted timer tree causes the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. A local user can run a specially crafted application to crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Uncontrolled Memory Allocation

EUVDB-ID: #VU55034

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33910

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack exhaustion within the basic/unit-name.c in systemd. A local user can crash the systemd (PID 1) and cause a kernel panic.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Race condition

EUVDB-ID: #VU55668

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36221

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in net/http/httputil ReverseProxy when handling ErrAbortHandler events. A remote attacker can trigger a race condition and crash the ReverseProxy.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU60921

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-39293

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of archive/zip in Go programming language when processing archive header. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Resource exhaustion

EUVDB-ID: #VU54521

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33196

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing archives. A remote attacker can pass a specially crafted .zip file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Improper Preservation of Permissions

EUVDB-ID: #VU64415

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41089

CWE-ID: CWE-281 - Improper preservation of permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Improper Preservation of Permissions

EUVDB-ID: #VU64416

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41091

CWE-ID: CWE-281 - Improper preservation of permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Information disclosure

EUVDB-ID: #VU64417

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-41092

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Incorrect default permissions

EUVDB-ID: #VU57038

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41103

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Use of uninitialized resource

EUVDB-ID: #VU61110

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0847

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE LPE9403: before 2.0


CPE2.3
External links

http://cert-portal.siemens.com/productcert/txt/ssa-222547.txt

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###