ADVISORY!

TLP : CLEAR

Date : 24/05/2024

REF NO : CERT / 2024/05/49

ChromeOS Multiple Vulnerabilities

Severity Level: High

Components Affected

  • Parasolid
  • SIMATIC RTLS
  • Simcenter Nastran
  • SIMATIC CN 4100
  • RUGGEDCOM
  • Solid Edge
  • Teamcenter Visualization
  • JT2Go
  • CPC80
  • CPCI85
  • OPUPI0 AMQP/MQTT
  • SICORE
  • Tecnomatix Plant Simulation
  • Cerberus PRO
  • Desigo Fire Safety UL
  • PS/IGES Parasolid Translator Component

Overview

Multiple vulnerabilities have been reported in Siemens products which could allow an attacker to execute arbitrary code, escalate privileges or cause denial-of-service (DoS) conditions on the targeted system.

Description

Multiple vulnerabilities have been reported in Siemens products, details of which are provided below:

Impact

  • Out of bounds read and null pointer dereference vulnerability
  • Improper input validation
  • Improper check for unusual or exceptional conditions
  • Uncontrolled resource consumption
  • Heap based buffer overflow
  • Missing encryption of sensitive data
  • Use of hardcoded cryptographic key
  • Insufficiently protected credentials
  • Stack based buffer overflow
  • Use of hardcoded credentials
  • Out of bounds write
  • Out of bounds read
  • Cleartext storage of sensitive information
  • Exposure of sensitive information
  • SQL injection
  • Path traversal
  • Classic buffer overflow
  • Type confusion

Solution/Workarounds

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC