Siemens SINAMICS Medium Voltage Products Remote Access (Update B)

🗓️ 11 May 2021 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 54 Views

Siemens SINAMICS Medium Voltage Products Remote Access (Update B), CVSS v3 9.8, Exploitable remotely, Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Access of Memory Location After End of Buffer, Uncontrolled Resource Consumption, Improper Initialization, Out-of-Bound Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Improper Null Termination, Successful exploitation allows attacker to gain full remote access to the HMI

Reporter	Title	Published	Views	Family All 101
BDU FSTEC	The vulnerability of the RRE decoder VNC client component of the remote desktop management software UltraVNC allows a hacker to execute arbitrary code.	16 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the CoRRE decoder’s VNC client, a software tool for managing remote desktops like UltraVNC, allows a hacker to execute arbitrary code.	16 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Ultra decoder component of the VNC client software for remote desktop management tools, UltraVNC, allows a intruder to execute arbitrary code.	16 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Ultra2 decoder in the VNC client software for remote desktop management tools called UltraVNC allows a hacker to execute arbitrary code.	16 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the VNC client of the remote desktop management software UltraVNC allows a hacker to execute arbitrary code.	16 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the UltraVNC software, which is part of the monitoring, control, and remote maintenance module for the commercial cold production equipment TelevisGo, allows a intruder to execute arbitrary code.	19 May 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the VNC client software for remote desktop management, UltraVNC, relates to writing beyond the buffer boundaries in memory. This allows a malicious actor to trigger a service failure.	30 Jul 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of Siemens SIMATIC and SINAMICS software products allow a perpetrator to execute arbitrary code.	24 Dec 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of microprogramming software in Siemens SIMATIC and SINAMICS products, related to a memory release error, allows attackers to trigger malfunctions during maintenance operations.	28 Jun 202300:00	–	bdu_fstec
Circl	CVE-2019-8262	7 May 202423:27	–	circl

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-286838.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-286838.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-131-04.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-21-131-04
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

11 May 2021 00:00Current

9.5High risk

Vulners AI Score9.5

CVSS 27.5

CVSS 3.19.8

CVSS 39.8

EPSS0.054

SSVC