As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500
- Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Input Validation, Use After Free, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attack to cause a heap-based buffer overflow, local privilege escalation, kernel information leak, and a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
- Siemens SIMATIC S7-1500 TM MFP (GNU/Linux subsystem): All versions
3.2 Vulnerability Overview
3.2.1 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754
Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source, this may lead to a denial-of-service condition. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrus
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: