SB2023011137 - Multiple vulnerabilities in Siemens SINEC INS
Published: January 11, 2023 Updated: February 22, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-32212)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to IsIPAddress does not properly checks if an IP address is invalid or not. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-35256)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
3) Use of insufficiently random values (CVE-ID: CVE-2022-35255)
The vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.
4) Security features bypass (CVE-ID: CVE-2022-32222)
The vulnerability allows a remote attacker to bypass security restrictions
The vulnerability exists due to Node.js after start on linux based systems attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily doesn't exist. A remote unauthenticated attacker can attemp to read openssl.cnf from /home/iojs/build/ upon startup to create this file and affect the default OpenSSL configuration for other users.
5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-32215)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-32213)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially-crafted request to lead to HTTP Request Smuggling to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
7) Heap-based buffer overflow (CVE-ID: CVE-2022-2274)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
8) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.
9) OS Command Injection (CVE-ID: CVE-2022-1292)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
10) OS Command Injection (CVE-ID: CVE-2022-2068)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
11) Path traversal (CVE-ID: CVE-2022-45093)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request to read and write arbitrary files on the system.
12) Command Injection (CVE-ID: CVE-2022-45094)
The vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the dhcpd configuration. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Path traversal (CVE-ID: CVE-2022-45092)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request to read and write arbitrary files on the system.
Remediation
Install update from vendor's website.