SB2022061528 - Multiple vulnerabilities in Siemens SCALANCE LPE9403

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022061528

SB2022061528 - Multiple vulnerabilities in Siemens SCALANCE LPE9403

Published: June 15, 2022 Updated: July 5, 2024

Security Bulletin ID SB2022061528
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 9% Medium 36% Low 55%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2020-27304)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the mg_handle_form_request API. A remote attacker can send a specially crafted HTTP request and upload arbitrary files on the system.


2) Improper Initialization (CVE-ID: CVE-2021-20317)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization the Linux kernel. A corrupted timer tree causes the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. A local user can run a specially crafted application to crash the kernel.


3) Uncontrolled Memory Allocation (CVE-ID: CVE-2021-33910)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack exhaustion within the basic/unit-name.c in systemd. A local user can crash the systemd (PID 1) and cause a kernel panic.


4) Race condition (CVE-ID: CVE-2021-36221)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in net/http/httputil ReverseProxy when handling ErrAbortHandler events. A remote attacker can trigger a race condition and crash the ReverseProxy.


5) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2021-39293)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of archive/zip in Go programming language when processing archive header. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.


6) Resource exhaustion (CVE-ID: CVE-2021-33196)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing archives. A remote attacker can pass a specially crafted .zip file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


7) Improper Preservation of Permissions (CVE-ID: CVE-2021-41089)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


8) Improper Preservation of Permissions (CVE-ID: CVE-2021-41091)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


9) Information disclosure (CVE-ID: CVE-2021-41092)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.


10) Incorrect default permissions (CVE-ID: CVE-2021-41103)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.


11) Use of uninitialized resource (CVE-ID: CVE-2022-0847)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.


Remediation

Install update from vendor's website.

References