SB2023121430 - Multiple vulnerabilities in Siemens SINEC INS



Published: December 14, 2023

Security Bulletin ID: SB2023121430
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 14%, Medium 43%, Low 43%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2023-0464)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.


2) Information disclosure (CVE-ID: CVE-2023-27538)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several SSH settings were left out of the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.
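
A simplified model of the connection-reuse flaw described above, added here as an example; it is not libcurl's code and not part of the original bulletin. The struct fields, function names and sample values are assumptions constructed for illustration. It contrasts a pool match that ignores SSH settings with one that compares them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified pool entry; field names are hypothetical, not libcurl internals. */
struct conn {
    const char *host, *user;
    int port;
    const char *ssh_private_key, *ssh_public_key; /* select the SSH identity */
};

static bool same(const char *a, const char *b) {
    if (a == NULL || b == NULL) return a == b;
    return strcmp(a, b) == 0;
}

/* Flawed match: SSH settings are left out of the comparison. */
bool match_without_ssh(const struct conn *c, const struct conn *want) {
    return same(c->host, want->host) && c->port == want->port &&
           same(c->user, want->user);
}

/* Corrected match: settings that affect authentication are compared too. */
bool match_with_ssh(const struct conn *c, const struct conn *want) {
    return match_without_ssh(c, want) &&
           same(c->ssh_private_key, want->ssh_private_key) &&
           same(c->ssh_public_key, want->ssh_public_key);
}

/* Index of a reusable pooled connection, or -1 to open a new one. */
int pool_find(const struct conn *pool, size_t n, const struct conn *want,
              bool (*match)(const struct conn *, const struct conn *)) {
    for (size_t i = 0; i < n; i++)
        if (match(&pool[i], want)) return (int)i;
    return -1;
}
/* Constructed sample: the request differs from the pooled entry only in keys. */
static const struct conn POOL[] = {
    {"sftp.example.test", "svc", 22, "/keys/tenant_a", "/keys/tenant_a.pub"},
};
static const struct conn REQUEST =
    {"sftp.example.test", "svc", 22, "/keys/tenant_b", "/keys/tenant_b.pub"};
int main(void) {
    printf("flawed: %d, corrected: %d\n",
           pool_find(POOL, 1, &REQUEST, match_without_ssh),
           pool_find(POOL, 1, &REQUEST, match_with_ssh));
    return 0;
}
```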

3) Improper Certificate Validation (CVE-ID: CVE-2023-48427)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation of the configured UMC server. A remote attacker can intercept credentials that are sent to the UMC server and manipulate responses, leading to privilege escalation.


4) OS Command Injection (CVE-ID: CVE-2023-48428)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the RADIUS configuration mechanism. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Unexpected Status Code or Return Value (CVE-ID: CVE-2023-48429)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the Web UI of affected devices does not check the length of parameters in certain conditions. A remote administrator can send a specially crafted request to the server and cause a denial of service condition on the target system.


6) Input validation error (CVE-ID: CVE-2023-48430)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the REST API of affected devices does not check the length of parameters in certain conditions. A remote administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.


7) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2023-48431)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the affected software does not correctly validate the response received by a UMC server. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.