Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:06A6183B71F9ED0897A8E041513FCA91
HistoryJun 18, 2022 - 6:29 a.m.

Over a Dozen Flaws Found in Siemens' Industrial Network Management System

2022-06-1806:29:00
The Hacker News
thehackernews.com
30

0.002 Low

EPSS

Percentile

52.5%

JSON

Siemens vulnerabilities

Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems.

“The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances,” industrial security company Claroty said in a new report.

The shortcomings in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of patches shipped on October 12, 2021.

“The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions,” Siemens noted in an advisory at the time.

Siemens vulnerabilities

Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows for privilege escalation to an administrator account and could be combined with CVE-2021-33722 (CVSS score: 7.2), a path traversal flaw, to execute arbitrary code remotely.

Another notable flaw relates to a case of SQL injection (CVE-2021-33729, CVSS score: 8.8) that could be exploited by an authenticated attacker to execute arbitrary commands in the local database.

“SINEC is in a powerful central position within the network topology because it requires access to the credentials, cryptographic keys, and other secrets granting it administrator access in order to manage devices in the network,” Claroty’s Noam Moshe said.

“From an attacker’s perspective carrying out a living-off-the-land type of attack where legitimate credentials and network tools are abused to carry out malicious activity, access to, and control of, SINEC puts an attacker in prime position for: reconnaissance, lateral movement, and privilege escalation.”

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related

cve 4
prion 4
nvd 4
cnvd 4
cvelist 4
checkpoint_advisories 1
nessus 1
ics 1
cve
cve
CVE-2021-33723
2021-10-12 10:15:11
CVE-2021-33736
2021-10-12 10:15:12
CVE-2021-33722
2021-10-12 10:15:11
prion
prion
Command injection
2021-10-12 10:15:00
Path traversal
2021-10-12 10:15:00
Design/Logic Flaw
2021-10-12 10:15:00
nvd
nvd
CVE-2021-33723
2021-10-12 10:15:11
CVE-2021-33736
2021-10-12 10:15:12
CVE-2021-33729
2021-10-12 10:15:12
cnvd
cnvd
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77592)
2021-10-13 00:00:00
Siemens SINEC NMS User Profile Change Vulnerability
2021-10-13 00:00:00
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77587)
2021-10-13 00:00:00
cvelist
cvelist
CVE-2021-33729
2021-10-12 09:49:29
CVE-2021-33723
2021-10-12 09:49:24
CVE-2021-33736
2021-10-12 09:49:35
checkpoint_advisories
checkpoint_advisories
Siemens SINEC NMS Directory Traversal (CVE-2021-33722)
2021-12-29 00:00:00
nessus
nessus
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
2022-07-05 00:00:00
ics
ics
Siemens SINEC NMS
2021-10-14 12:00:00

0.002 Low

EPSS

Percentile

52.5%

JSON
Related for THN:06A6183B71F9ED0897A8E041513FCA91
cve4prion4nvd4cnvd4cvelist4checkpoint_advisories1nessus1ics1