#VU10112 Stack-based buffer overflow in Siemens Server applications
Vulnerability identifier: #VU10112
Vulnerability risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
SIMATIC WinCC Add-On SIPAPER IT MIS
Server applications /
SCADA systems
SIMATIC WinCC Add-On SICEMENT IT MIS
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-QUALITY
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN TCP/IP
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN PV02
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN PI
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN IMPORT
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN HOST-S
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-OPEN EXPORT
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-MAINT
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-CONTROL
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-ANALYZE
Server applications /
SCADA systems
SIMATIC WinCC Add-On PM-AGENT
Server applications /
SCADA systems
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL
Server applications /
SCADA systems
SIMATIC WinCC Add-On PI CONNECT ALARM
Server applications /
SCADA systems
SIMATIC WinCC Add-On Historian CONNECT ALARM
Server applications /
SCADA systems
Vendor: Siemens
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow. A remote attacker can send language packs containing malformed filenames, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Install update from vendor's website.
Vulnerable software versions
SIMATIC WinCC Add-On SIPAPER IT MIS: All versions
SIMATIC WinCC Add-On SICEMENT IT MIS: All versions
SIMATIC WinCC Add-On PM-QUALITY: All versions
SIMATIC WinCC Add-On PM-OPEN TCP/IP: All versions
SIMATIC WinCC Add-On PM-OPEN PV02: All versions
SIMATIC WinCC Add-On PM-OPEN PI: All versions
SIMATIC WinCC Add-On PM-OPEN IMPORT: All versions
SIMATIC WinCC Add-On PM-OPEN HOST-S: All versions
SIMATIC WinCC Add-On PM-OPEN EXPORT: All versions
SIMATIC WinCC Add-On PM-MAINT: All versions
SIMATIC WinCC Add-On PM-CONTROL: All versions
SIMATIC WinCC Add-On PM-ANALYZE: All versions
SIMATIC WinCC Add-On PM-AGENT: All versions
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL: All versions
SIMATIC WinCC Add-On PI CONNECT ALARM: All versions
SIMATIC WinCC Add-On Historian CONNECT ALARM: All versions
External links
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
