Overview
Siemens has released an update to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-36398, CVE-2024-41940, CVE-2024-41939
- SINEC NMS version: ~ 3.0 (excluded)
CVE-2024-41903, CVE-2024-41904, CVE-2024-41905
- SINEC Traffic Analyzer version: ~ 2.0 (excluded)
CVE-2022-35868
- TIA Multiuser Server version: 14
- TIA Multiuser Server version: ~ 15.1 Update 8 (excluded)
- TIA Project-Server version: ~ 1.1 (excluded)
- TIA Project-Server version: 16
- TIA Project-Server version: ~ 17 Update 6 (excluded)
CVE-2024-41908
- NX version: ~ 2406.3000 (excluded)
CVE-2024-41976, CVE-2024-41977, CVE-2024-41978
- RUGGEDCOM RM1224 LTE (4G) EU version: ~ 8.1 (excluded)
- RUGGEDCOM RM1224 LTE (4G) NAM version: ~ 8.1 (excluded)
- SCALANCE M804PB version: ~ 8.1 (excluded)
- SCALANCE M812-1 ADSL-Router family version: ~ 8.1 (excluded)
- SCALANCE M816-1 ADSL-Router family version: ~ 8.1 (excluded)
- SCALANCE M826-2 SHDSL-Router version: ~ 8.1 (excluded)
- SCALANCE M874-2 version: ~ 8.1 (excluded)
- SCALANCE M874-3 version: ~ 8.1 (excluded)
- SCALANCE M874-3 3G-Router (CN) version: ~ 8.1 (excluded)
- SCALANCE M876-3 version: ~ 8.1 (excluded)
- SCALANCE M876-3 (ROK) version: ~ 8.1 (excluded)
- SCALANCE M876-4 version: ~ 8.1 (excluded)
- SCALANCE M876-4 (EU) version: ~ 8.1 (excluded)
- SCALANCE M876-4 (NAM) version: ~ 8.1 (excluded)
- SCALANCE MUM853-1 (A1) version: ~ 8.1 (excluded)
- SCALANCE MUM853-1 (B1) version: ~ 8.1 (excluded)
- SCALANCE MUM853-1 (EU) version: ~ 8.1 (excluded)
- SCALANCE MUM856-1 (A1) version: ~ 8.1 (excluded)
- SCALANCE MUM856-1 (B1) version: ~ 8.1 (excluded)
- SCALANCE MUM856-1 (CN) version: ~ 8.1 (excluded)
- SCALANCE MUM856-1 (EU) version: ~ 8.1 (excluded)
- SCALANCE MUM856-1 (RoW) version: ~ 8.1 (excluded)
- SCALANCE S615 EEC LAN-Router version: ~ 8.1 (excluded)
- SCALANCE S615 LAN-Router version: ~ 8.1 (excluded)
Resolved Vulnerabilities
A subset of services runs as `NT AUTHORITY\SYSTEM`, which allows attackers to execute operating system commands with elevated privileges (CVE-2024-36398)
User input to the privileged command queue is not properly validated, which could allow an attacker to execute OS commands with elevated privileges (CVE-2024-41940)
Privilege checks are not properly enforced, allowing an attacker to bypass the checks and elevate privileges in the application (CVE-2024-41939)
The root file system of a container could be mounted with read and write permissions, allowing an attacker to change the file system of the container, resulting in unauthorized modification and data corruption (CVE-2024-41903)
Limits on excessive authentication attempts are not properly enforced, which could allow an attacker to conduct a brute-force attack against legitimate user credentials or keys (CVE-2024-41904)
Access controls are not applied to file access, which could allow attackers to access sensitive information (CVE-2024-41905)
An untrusted search path vulnerability could allow an attacker to escalate privileges by tricking a legitimate user into starting a service from an attacker-controlled path (CVE-2022-35868)
An out-of-bounds read vulnerability while parsing crafted PRT files could allow an attacker to crash the application or execute code in the context of the current process (CVE-2024-41908)
Certain VPN configuration fields do not properly validate input, which could allow remote attackers to execute arbitrary code on the device (CVE-2024-41976)
A web server component does not properly enforce isolation between user sessions, which could allow remote attackers to escalate privileges on the device (CVE-2024-41977)
Vulnerability that could allow remote attackers to forge another user’s 2FA token by injecting sensitive information about 2FA token generation into log files (CVE-2024-41978)
Vulnerability Patches
The following product-specific patches were made available in the August 13, 2024 update. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-36398, CVE-2024-41940, CVE-2024-41939
- SINEC NMS version: 3.0 or later
CVE-2024-41903, CVE-2024-41904, CVE-2024-41905
- SINEC Traffic Analyzer version: 2.0 or later
CVE-2022-35868
- TIA Multiuser Server version 14: Currently no fix is planned
- TIA Multiuser Server version: 15.1 Update 8 or later
- TIA Project-Server version: 1.1 or later
- TIA Project-Server version 16: Currently no fix is planned
- TIA Project-Server version: 17 Update 6 or later
CVE-2024-41908
- NX version: 2406.3000 or later
CVE-2024-41976, CVE-2024-41977, CVE-2024-41978
- RUGGEDCOM RM1224 LTE (4G) EU version: 8.1
- RUGGEDCOM RM1224 LTE (4G) NAM version: 8.1
- SCALANCE M804PB version: 8.1
- SCALANCE M812-1 ADSL-Router family version: 8.1
- SCALANCE M816-1 ADSL-Router family version: 8.1
- SCALANCE M826-2 SHDSL-Router version: 8.1
- SCALANCE M874-2 version: 8.1
- SCALANCE M874-3 version: 8.1
- SCALANCE M874-3 3G-Router (CN) version: 8.1
- SCALANCE M876-3 version: 8.1
- SCALANCE M876-3 (ROK) version: 8.1
- SCALANCE M876-4 version: 8.1
- SCALANCE M876-4 (EU) version: 8.1
- SCALANCE M876-4 (NAM) version: 8.1
- SCALANCE MUM853-1 (A1) version: 8.1
- SCALANCE MUM853-1 (B1) version: 8.1
- SCALANCE MUM853-1 (EU) version: 8.1
- SCALANCE MUM856-1 (A1) version: 8.1
- SCALANCE MUM856-1 (B1) version: 8.1
- SCALANCE MUM856-1 (CN) version: 8.1
- SCALANCE MUM856-1 (EU) version: 8.1
- SCALANCE MUM856-1 (RoW) version: 8.1
- SCALANCE S615 EEC LAN-Router version: 8.1
- SCALANCE S615 LAN-Router version: 8.1
References
[1] SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0
https://cert-portal.siemens.com/productcert/html/ssa-784301.html
[2] SSA-640968: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
https://cert-portal.siemens.com/productcert/html/ssa-640968.html
[3] SSA-716317: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V2.0
https://cert-portal.siemens.com/productcert/html/ssa-716317.html
[4] SSA-357412: PRT File Parsing Vulnerability in NX Before V2406.3000
https://cert-portal.siemens.com/productcert/html/ssa-357412.html
[5] SSA-087301: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
https://cert-portal.siemens.com/productcert/html/ssa-087301.html
Article Link: Siemens Product Security Update Advisory – ASEC