Latest Siemens vulnerabilities: SCALANCE and RUGGEDCOM products
Siemens has disclosed multiple vulnerabilities for a variety of products and devices, including the SCALANCE and RUGGEDCOM product lines.
- CVE-2024-41976 is rated high, with a CVSS score of 7.2, and allows an authenticated attacker to execute arbitrary code by submitting invalid VPN configuration data.
- CVE-2024-41977 is rated high, with a CVSS score of 7.1, and allows an attacker to escalate their privileges due to devices not properly enforcing user session isolation.
- CVE-2024-41978 is rated high, with a CVSS score of 6.5, and allows an authenticated attacker to forge 2FA tokens of other users due to devices storing sensitive 2FA information in log files on disk.
- CVE-2024-44321 is rated medium, with a CVSS score of 2.7, and allows an attacker to issue large input data causing an unauthenticated denial-of-service.
What is the impact?
Successful exploitation of these vulnerabilities would allow an authenticated attacker to remotely execute code, escalate their privileges, or forge other users' credentials. The first three require the attacker to be authenticated before they can be exploited. The last vulnerability has a lower score, but would still require the device to be restarted if the denial-of-service condition was triggered.
Are updates or workarounds available?
Siemens recommends upgrading all affected devices to firmware V8.1 or later. Additionally, users should ensure these devices are isolated in their own networks to prevent unwanted network traffic to the device.
How to find potentially vulnerable systems with runZero
From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:
hw:"RUGGEDCOM" OR hw:"SCALANCE" OR hw:"LOGO"
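The query matches on hardware family only, so its results still need to be checked against the V8.1 firmware floor. The following is an added example, not runZero or Siemens code, that triages an exported asset list; the record fields (address, hw, firmware) and the sample records are constructed for illustration and are not the runZero export schema.

```python
import re

# Product families named in the runZero query above.
FAMILIES = ("RUGGEDCOM", "SCALANCE", "LOGO")
# Minimum firmware recommended in the advisory text: V8.1.
FIXED = (8, 1)

def parse_version(text):
    """Return (major, minor) from 'V8.1', 'v08.02.00', '7.2.2'; None if no version is present."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(assets):
    """Bucket family-matched assets by firmware: needs_upgrade, ok, or unknown."""
    result = {"needs_upgrade": [], "ok": [], "unknown": []}
    for asset in assets:
        hw = asset.get("hw", "").upper()
        if not any(family in hw for family in FAMILIES):
            continue  # not matched by the query's product families
        version = parse_version(asset.get("firmware"))
        if version is None:
            bucket = "unknown"        # no fingerprinted firmware: verify by hand
        elif version < FIXED:
            bucket = "needs_upgrade"  # below V8.1
        else:
            bucket = "ok"
        result[bucket].append(asset["address"])
    return result

# Constructed sample inventory (hypothetical field names, documentation addresses).
SAMPLE = [
    {"address": "192.0.2.10", "hw": "Siemens SCALANCE router", "firmware": "V7.2.2"},
    {"address": "192.0.2.11", "hw": "Siemens RUGGEDCOM router", "firmware": "V8.1"},
    {"address": "192.0.2.12", "hw": "Siemens SCALANCE router", "firmware": ""},
    {"address": "192.0.2.13", "hw": "Generic switch", "firmware": "1.0"},
    {"address": "192.0.2.14", "hw": "Siemens SCALANCE router", "firmware": "v08.02.00"},
]

if __name__ == "__main__":
    for bucket, addresses in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(addresses) or '-'}")
```

A family match is broader than the advisory's affected-product list, so assets in the needs_upgrade and unknown buckets should be confirmed against Siemens ProductCERT before scheduling firmware work.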
CVE-2024-35292 – SIMATIC S7-200 SMART Devices (July 2024)
In July 2024, Siemens disclosed a vulnerability in their SIMATIC S7-200 SMART Devices.
CVE-2024-35292 is rated high, with a CVSS score of 8.2, and allowed attackers to predict IP ID sequence numbers as their base method of attack, which could eventually allow an attacker to create a denial-of-service condition.
What was the impact?
Successful exploitation of this vulnerability would allow an attacker to cause a denial-of-service condition.
Are updates or workarounds available?
The only workaround was to restrict access to the network where the affected products were located by introducing strict access control mechanisms.
How runZero users found potentially vulnerable systems
From the Asset Inventory, runZero users applied the following query to locate systems running potentially vulnerable software:
hw:SIMATIC
SENTRON, SCALANCE, and RUGGEDCOM vulnerabilities (March 2024)
In March 2024, Siemens released security advisories for a variety of products and devices, including the SENTRON, SCALANCE, and RUGGEDCOM product lines. Several of the vulnerabilities had CVSS scores in the 7.0 to 8.9 range (high) and several more in the 9.0 to 10.0 range (critical).
For the full list of vulnerabilities, you can consult Siemens ProductCERT.
What was the impact?
Several of these vulnerabilities allowed for unauthenticated remote code execution, allowing for compromise of the vulnerable systems. Other vulnerabilities could lead to privilege escalation, information disclosure, or denial of service. Users were urged to upgrade as quickly as possible. Siemens released updates via a variety of channels. See Siemens ProductCERT for details.
How runZero users found potentially vulnerable systems
From the Asset Inventory, runZero users applied the following query to locate Siemens assets that were potentially vulnerable:
hardware:Siemens OR hardware:RuggedCom

