SB2024081438 - Multiple vulnerabilities in Siemens Location Intelligence




Published: August 14, 2024

Security Bulletin ID: SB2024081438
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Inadequate Encryption Strength (CVE-ID: CVE-2024-41681)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the web server is configured to support weak ciphers by default. A remote attacker on the local network can read and modify any data passed over the connection between legitimate clients and the affected device.


2) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2024-41682)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can conduct brute-force attacks against legitimate user passwords.


3) Weak password requirements (CVE-ID: CVE-2024-41683)

The vulnerability allows an attacker to perform a brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can perform a brute-force attack and guess users' passwords.


Remediation

Install the update from the vendor's website.