As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Low Attack Complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808 Product Family
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Buffer Underflow, Classic Buffer Overflow, Time-of-check Time-of-use Race Condition, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Improper Input Validation, Missing Release of Memory after Effective Lifetime, Improperly Implemented Security Check for Standard, Plaintext Storage of a Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities on affected products could lead to information disclosure, system crash or escalation of privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products contain affected versions of Insyde BIOS:
- RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0): BIOS versions prior to V1.0.212N
- RUGGEDCOM APE1808 SAM-L CC (6GK601
[…]
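For fleet triage against the affected-products list above, here is an added inventory check (constructed for this advisory, not Siemens or CISA code). It assumes BIOS versions follow the `V<major>.<minor>.<build><optional revision letter>` shape of `V1.0.212N`, that a missing revision letter sorts before any letter, and it omits the entry cut off on the page.

```python
import re

# Constructed inventory check for this advisory (not Siemens/CISA code).
# Article numbers and the fixed BIOS version come from the affected-products
# list above; the entry cut off on the page is omitted.
FIXED_VERSION = "V1.0.212N"
AFFECTED_ARTICLES = {
    "6GK6015-0AL20-0GL0": "RUGGEDCOM APE1808 ADM",
    "6GK6015-0AL20-0GL1": "RUGGEDCOM APE1808 ADM CC",
    "6GK6015-0AL20-0GK0": "RUGGEDCOM APE1808 CKP",
    "6GK6015-0AL20-0GK1": "RUGGEDCOM APE1808 CKP CC",
    "6GK6015-0AL20-0GM0": "RUGGEDCOM APE1808 CLOUDCONNECT",
    "6GK6015-0AL20-0GM1": "RUGGEDCOM APE1808 CLOUDCONNECT CC",
    "6GK6015-0AL20-0GP0": "RUGGEDCOM APE1808 ELAN",
    "6GK6015-0AL20-0GP1": "RUGGEDCOM APE1808 ELAN CC",
    "6GK6015-0AL20-0GN0": "RUGGEDCOM APE1808 SAM-L",
}
# Assumed format: 'V<major>.<minor>.<build><optional revision letter>'.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)([A-Z]?)$")


def parse_version(text):
    """'V1.0.212N' -> (1, 0, 212, 'N'); ValueError on unexpected input.

    Assumption: a missing revision letter ('') sorts before any letter.
    """
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised BIOS version string: {text!r}")
    major, minor, build, rev = m.groups()
    return (int(major), int(minor), int(build), rev)


def is_affected(article_number, bios_version):
    """True if the article is listed and its BIOS predates the fixed version."""
    if article_number.upper() not in AFFECTED_ARTICLES:
        return False
    return parse_version(bios_version) < parse_version(FIXED_VERSION)


def triage(inventory):
    """Map (host, article, version) records to 'UPDATE', 'ok' or 'unknown'."""
    verdicts = {}
    for host, article, version in inventory:
        try:
            verdicts[host] = "UPDATE" if is_affected(article, version) else "ok"
        except ValueError:
            verdicts[host] = "unknown"
    return verdicts
```

Records whose version string does not match the assumed shape are reported as `unknown` rather than silently marked clean, so they can be checked by hand.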
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.