Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...

Siemens SIMATIC Devices Channel Accessible by Non-Endpoint (CVE-2023-7008)

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC Devices Missing Release of Memory after Effective Lifetime (CVE-2024-39489)

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6hmacinitalgo seg6hmacinitalgo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6hmacexit to only free the memory...

Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-3141)

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC Devices Use After Free (CVE-2023-3610)

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFTMSGNEWRULE. The vulnerability requires CAPNETADMIN to be triggered...

Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2022-1015)

A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2023-6606)

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-53057)

In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisctreereducebacklog on TCHROOT. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47737)

In the Linux kernel, the following vulnerability has been resolved: nfsd: call cacheput if xdrreservespace returns NULL. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

Siemens SIMATIC and SCALANCE Devices Improper Input Validation (CVE-2023-32233)

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. This plug...

Siemens SIMATIC Devices Improper Locking (CVE-2024-38780)

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

Siemens SIMATIC Devices Improper Input Validation (CVE-2023-51767)

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

Siemens SIMATIC Devices Improper Control of a Resource Through its Lifetime (CVE-2024-57901)

afpacket: vlangetprotocoldgram vs MSGPEEK Blamed allowing a crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503805; scriptversion"1.1";...

Siemens SIMATIC Devices Out-of-bounds Read (CVE-2024-37356)

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcpupdatealpha. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Buffer Underflow (CVE-2024-49948)

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdiscpktleninit. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC Devices Improper Validation of Specified Type of Input (CVE-2024-27065)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2023-35827)

An issue was discovered in the Linux kernel through 6.3.8. A use- after-free was found in ravbremove in drivers/net/ethernet/renesas/ravbmain.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, In...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-26878)

In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC Devices Race Condition (CVE-2024-38596)

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices Use After Free (CVE-2024-36904)

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...