As of January 10, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) announced a significant change in its approach towards updating security advisories regarding vulnerabilities related to Siemens products. The latest information can now be found directly on Siemens' ProductCERT Security Advisories.
The vulnerability has been tracked as CVE-2024-47783, with CVSS v3 assigning a base score of 7.8 and a vector string of
For further information, users can find more details in the Siemens security advisory SSA-064257.
Stay alert, stay secure, and don’t forget to keep your systems updated!
Source: CISA Siemens SIPORT
Executive Summary
Recent advisories reveal a critical vulnerability impacting Siemens SIPORT systems, specifically versions prior to V3.4.0. This vulnerability is categorized under the Common Vulnerability Scoring System (CVSS) with an impressive score of 8.5 (CVSS v4). The nature of the vulnerability, identified as "Incorrect Permission Assignment for Critical Resource," poses a serious risk under circumstances of low attack complexity.Key Details:
- CVSS v4 Score: 8.5
- Vendor: Siemens
- Affected Equipment: SIPORT (versions < V3.4.0)
- Vulnerability Type: Incorrect Permission Assignment
Risk Evaluation
Attackers with local but unprivileged accounts could exploit this vulnerability, permitting them to override or modify service executables. This could lead to elevated privileges, allowing malicious parties to execute unauthorized actions within the systems.Technical Details
Affected Products
- Siemens SIPORT: Versions earlier than V3.4.0 are notably vulnerable.
Vulnerability Overview
The vulnerability revolves around a critical weakness characterized by improper assignment of file permissions to installation folders. As described in CWE-732, this flaw permits local attackers to manipulate service executables, resulting in a potential escalation of privileges.The vulnerability has been tracked as CVE-2024-47783, with CVSS v3 assigning a base score of 7.8 and a vector string of
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.Background
- Critical Infrastructure Sectors: Commercial Facilities
- Global Deployment: Siemens products are used worldwide, with headquarters in Germany.
- Researcher: The vulnerability was reported to CISA by Siemens.
Mitigations
To assuage the associated risks, Siemens outlines several recommendations:- Permissions: Remove write permissions for non-administrative users on files and folders associated with the installation path.
- Update Required: Users are urged to upgrade their systems to V3.4.0 or later.
- Employ robust mechanisms to protect network access.
- Configure the environment according to the Siemens' operational guidelines for industrial security.
- Regularly review and follow recommendations outlined in product manuals.
CISA Guidance
CISA provides comprehensive defensive strategies, including:- Minimizing the external exposure of control system devices.
- Utilizing firewalls to isolate control networks from business networks.
- Secure remote access via updated VPNs, recognizing that VPNs may contain vulnerabilities themselves.
Conclusion
While Siemens continues to manage risks associated with this vulnerability, users of SIPORT systems are strongly advised to proactively address these concerns. Following the outlined measures will help mitigate risks and fortify defenses against potential exploitation. As always, the best defense is an informed and proactive approach to cybersecurity.For further information, users can find more details in the Siemens security advisory SSA-064257.
Stay alert, stay secure, and don’t forget to keep your systems updated!
Source: CISA Siemens SIPORT