Siemens Questa & ModelSim Vulnerabilities: Key Threats & Mitigation Steps

As of January 10, 2023, a significant shift in how Siemens handles vulnerabilities in its product line has been implemented: CISA will no longer be updating Industrial Control Systems (ICS) security advisories for Siemens products beyond the initial advisory announcement. For those using or maintaining systems relying on Siemens products, it is crucial to stay informed directly through Siemens' own ProductCERT Security Advisories, available on their official site.

Executive Summary

This advisory highlights vulnerabilities within Siemens Questa and ModelSim. Both platforms are widely used in critical manufacturing sectors worldwide. Here are the key takeaways:
  • CVSS Scores: The vulnerabilities have a CVSS v4 score of 5.4, indicating moderate severity.
  • Exploitation: These vulnerabilities are exploitable locally, emphasizing the importance of internal security measures.
  • Impact: If an attacker successfully exploits these vulnerabilities, they may inject arbitrary code and escalate their privileges.

Risk Evaluation

The implications of the vulnerabilities found in Questa and ModelSim are grave. Successful exploitation allows attackers to gain unauthorized access to the system, which can lead to unauthorized code execution and escalated privileges. This is particularly concerning in environments handling sensitive data or critical operations.

Technical Details

Affected Products

If you are working with Siemens Questa or ModelSim, please note that all versions before V2024.3 are susceptible to security flaws:
  • ModelSim: All versions prior to V2024.3
  • Questa: All versions prior to V2024.3

Description of Vulnerabilities

Three main vulnerabilities have been identified concerning Uncontrolled Search Path Elements (CWE-427), which can be exploited if the runtime environment allows loading of DLLs or executables from a user-accessible directory.
  1. vish2.exe: This application can load a specific DLL from the current working directory, posing risks if executed from a directory writable by users.
    • CVE-2024-47194
    • CVSS v3.1 Base Score: 6.7 | CVSS v4 Base Score: 5.4
  2. gdb.exe: Similar to vish2.exe, it allows an executable file to be loaded from the current working directory.
    • CVE-2024-47195
    • CVSS v3.1 Base Score: 6.7 | CVSS v4 Base Score: 5.4
  3. vsimk.exe: This application allows loading of a specific Tcl file from the current working directory.
    • CVE-2024-47196
    • CVSS v3.1 Base Score: 6.7 | CVSS v4 Base Score: 5.4
These vulnerabilities are generally exploitable when a user with administrative privileges runs one of these applications from a directory that untrusted users can write to: the planted DLL, executable or Tcl file is then loaded with the administrator's privileges.
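The three findings share one root cause (CWE-427: the tool resolves a file relative to the working directory instead of a trusted install path), and the advisory's mitigations are to move to V2024.3 or later and to keep untrusted users away from the directories these tools run from. The script below is an added example, not Siemens or CISA code, that automates both checks from the defender's side: it flags installs older than V2024.3, and it refuses a launch when the intended working directory holds loadable artifacts (.dll/.exe/.tcl) or is writable by other users. The version strings, the stray file name `stray_helper.dll`, and the helper function names are all constructed for the demo; the advisory does not name the specific DLL or Tcl file the tools look for, so the check is deliberately generic. The writability test uses POSIX mode bits and is only an approximation on Windows, where an ACL check (for example from `icacls` output) would be needed instead.

```python
"""Pre-launch hygiene check for CWE-427 style search-path weaknesses.

Added example (not Siemens or CISA code). Two defender-side checks:
(1) is this Questa/ModelSim version older than the first fixed release V2024.3?
(2) is it safe to launch a tool from this working directory?
All file names and version strings here are constructed for the demo.
"""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

FIXED_VERSION = (2024, 3)                      # first fixed release per the advisory
LOADABLE_SUFFIXES = {".dll", ".exe", ".tcl"}   # file types the three CVEs involve

_VERSION_RE = re.compile(r"^V?(\d{4})\.(\d+)$")


def parse_version(text: str) -> Tuple[int, int]:
    """'V2024.1' -> (2024, 1). Raises ValueError on an unrecognised string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(version: str) -> bool:
    """True when the install predates V2024.3 (every earlier version is affected)."""
    return parse_version(version) < FIXED_VERSION


def loadable_artifacts(directory: Path) -> List[str]:
    """Names of DLL/EXE/Tcl files present in the directory a tool would start in."""
    return sorted(p.name for p in Path(directory).iterdir()
                  if p.is_file() and p.suffix.lower() in LOADABLE_SUFFIXES)


def writable_by_others(directory: Path) -> bool:
    """POSIX approximation: group- or world-writable mode bits set.
    On Windows an ACL check is required instead (assumption: not shown here)."""
    mode = os.stat(directory).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def launch_check(tool: str, cwd: Path) -> Dict[str, object]:
    """Decide whether launching `tool` with working directory `cwd` is acceptable.
    Returns the verdict together with the reasons so the result can be logged."""
    reasons: List[str] = []
    found = loadable_artifacts(cwd)
    if found:
        reasons.append(f"working directory contains loadable files: {found}")
    if writable_by_others(cwd):
        reasons.append("working directory is writable by other users")
    return {"tool": tool, "cwd": str(cwd), "ok": not reasons, "reasons": reasons}


def build_constructed_sample() -> Path:
    """Create a throwaway directory mimicking a shared, user-writable project
    folder with a stray DLL in it (constructed for the demo only)."""
    root = Path(tempfile.mkdtemp(prefix="questa_demo_"))
    (root / "design_notes.txt").write_text("harmless\n")
    (root / "stray_helper.dll").write_bytes(b"MZ demo bytes")   # constructed name
    os.chmod(root, 0o777)   # simulate a scratch directory anyone can write to
    return root


if __name__ == "__main__":
    for v in ("V2023.4", "V2024.1", "V2024.3", "V2025.1"):
        print(v, "affected" if is_affected(v) else "fixed")
    demo = build_constructed_sample()
    print(launch_check("vish2.exe", demo))   # verdict is ok=False with two reasons
```

In practice the `launch_check` call belongs in whatever wrapper or job script starts vish2.exe, gdb.exe or vsimk.exe on shared engineering hosts: set the working directory to the tool's own installation path, call the check, and log a refusal rather than silently continuing, so that an unexpected DLL or Tcl file in a project folder becomes a detection event instead of a privilege escalation.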

Background

Siemens, established in Germany, has made substantial contributions to critical manufacturing across various countries. The rapid deployment of their software solutions means that security risks must be taken seriously.

Research and Reporting

Credit for identifying these vulnerabilities goes to a researcher known as ycdxsb, who reported them to Siemens and subsequently to CISA.

Mitigation Strategies

Siemens has provided specific recommendations to address these vulnerabilities:
  1. Update Software: Upgrade to ModelSim and Questa version V2024.3 or later.
  2. Harden Application Servers: Limit local access to the application servers, especially against untrusted personnel.
In addition, Siemens encourages following their operational guidelines to enhance overall security architecture, recommending robust firewalls and network segmentation practices.
CISA further advises:
  • Minimize the exposure of control system devices to the internet.
  • Implement VPNs for remote access while recognizing their potential vulnerabilities.
  • Regularly update systems to remain protected against evolving threats.

Engaging with CISA's Resources

Organizations are encouraged to familiarize themselves with CISA’s provided resources on cybersecurity best practices. This includes guidance on control systems security and proactive defense strategies.
For detailed insights and continual updates, direct your attention to the Siemens-related security advisory and consider establishing a protocol within your organization for reporting and addressing potential exploitation attempts.

Conclusion

As users of Siemens Questa and ModelSim, understanding the risks associated with these vulnerabilities is essential. Implementing the suggested mitigations will not only protect critical manufacturing systems but also enhance overall cybersecurity resilience. Stay vigilant, keep software updated, and leverage organizational protocols to foster a culture of security awareness.
For complete details, you can access the full CISA advisory here.
Source: CISA Siemens Questa and ModelSim