ICSA-18-345-02 Siemens SINUMERIK Controllers (Update A)

🗓️ 11 Dec 2018 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 65 Views

Siemens SINUMERIK Controllers (Update A). Vulnerabilities: Buffer Overflow, Integer Overflow, Mechanism Failure, Permissions, Privileges, Access Controls

Reporter	Title	Published	Views	Family All 74
BDU FSTEC	The vulnerability of Siemens Sinumerik CNC microprogramming software, related to overflow in dynamic memory, allows a intruder to execute arbitrary code.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in the integer overflow that occurs in the VNC server. This allows a perpetrator to execute arbitrary code with privileged privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumeric programmable logic controllers lies in the insufficient protection of the configuration file, allowing a hacker to execute arbitrary code with elevated privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in the improper use of protection mechanisms, allowing a perpetrator to execute arbitrary code with root privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in errors in control of resolution settings, which allows a intruder to exploit a privileged command to gain enhanced privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers, related to errors in control of resolution settings, allows attackers to escalate their privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in buffer overflows in their applications, which allow attackers to execute arbitrary code with elevated privileges.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers is related to an error in processing network packets by the VNC server. This error allows a intruder to trigger a service failure of the VNC server.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in errors during exception handling, which allow intruders to read arbitrary data or execute arbitrary code in the kernel mode.	22 Jan 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Sinumerik programmable logic controllers lies in their exception handling errors, which allow attackers to trigger a service failure of the embedded network interface or execute arbitrary code within the context of the network interface.	22 Jan 201900:00	–	bdu_fstec

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-170881.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/OT/white/2018/icsa-18-345-02.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-18-345-02
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

11 Dec 2018 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 39.8

CVSS 29.3

EPSS0.10541