#VU80878 Time-of-check Time-of-use (TOCTOU) Race Condition in Siemens products - CVE-2022-24351

Cybersecurity Help s.r.o.

Published: 2023-09-19

Vulnerability identifier: #VU80878

Vulnerability risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-24351

CWE-ID: CWE-367

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
RUGGEDCOM APE1808 ADM
Hardware solutions / Firmware
RUGGEDCOM APE1808 ADM CC
Hardware solutions / Firmware
RUGGEDCOM APE1808 CKP
Hardware solutions / Firmware
RUGGEDCOM APE1808 CKP CC
Hardware solutions / Firmware
RUGGEDCOM APE1808 CLOUDCONNECT
Hardware solutions / Firmware
RUGGEDCOM APE1808 CLOUDCONNECT CC
Hardware solutions / Firmware
RUGGEDCOM APE1808 ELAN
Hardware solutions / Firmware
RUGGEDCOM APE1808 ELAN CC
Hardware solutions / Firmware
RUGGEDCOM APE1808 SAM-L
Hardware solutions / Firmware
RUGGEDCOM APE1808 SAM-L CC
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-P
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-P CC
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S1
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S1 CC
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S3
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S3 CC
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S5
Hardware solutions / Firmware
RUGGEDCOM APE1808CLA-S5 CC
Hardware solutions / Firmware
RUGGEDCOM APE1808LNX
Hardware solutions / Firmware
RUGGEDCOM APE1808LNX CC
Hardware solutions / Firmware
RUGGEDCOM APE1808W10
Hardware solutions / Firmware
RUGGEDCOM APE1808W10 CC
Hardware solutions / Firmware

Vendor: Siemens

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A local attacker can alter data and code used by the remainder of the boot process.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM APE1808 ADM: before 1.0.212N

RUGGEDCOM APE1808 ADM CC: before 1.0.212N

RUGGEDCOM APE1808 CKP: before 1.0.212N

RUGGEDCOM APE1808 CKP CC: before 1.0.212N

RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N

RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N

RUGGEDCOM APE1808 ELAN: before 1.0.212N

RUGGEDCOM APE1808 ELAN CC: before 1.0.212N

RUGGEDCOM APE1808 SAM-L: before 1.0.212N

RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N

RUGGEDCOM APE1808CLA-P: before 1.0.212N

RUGGEDCOM APE1808CLA-P CC: before 1.0.212N

RUGGEDCOM APE1808CLA-S1: before 1.0.212N

RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N

RUGGEDCOM APE1808CLA-S3: before 1.0.212N

RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N

RUGGEDCOM APE1808CLA-S5: before 1.0.212N

RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N

RUGGEDCOM APE1808LNX: before 1.0.212N

RUGGEDCOM APE1808LNX CC: before 1.0.212N

RUGGEDCOM APE1808W10: before 1.0.212N

RUGGEDCOM APE1808W10 CC: before 1.0.212N

External links
https://cert-portal.siemens.com/productcert/txt/ssa-957369.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell Client Platform update for INSYDE UEFI BIOS

Multiple vulnerabilities in Siemens RUGGEDCOM APE1808 Product Family