Siemens has released updates for a wide range of its industrial control products used in manufacturing and other settings that fix numerous security vulnerabilities, some of which can be used to run arbitrary code or gain administrator privileges.
The most serious issue, which allows remote code execution, affects the Siemens Parasolid and Simcenter Femap products. Both products are used for simulations and modeling in industrial settings. Parasolid allows users to model three-dimensional objects, and Simcenter Femap is a simulation app for complex systems. This issue is not just one single vulnerability, but rather includes 20 separate bugs, which are all file parsing bugs.
“Simcenter Femap and Parasolid are affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in X_T file formats. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process,” the Siemens advisory says.
The vulnerabilities affect versions 33.1, 34.0, 34.1, and 35.0 of Parasolid, and versions 2022.1 and 2022.2 of Simcenter Femap.
Among the other vulnerabilities fixed by Siemens is an issue with the file permissions in the CoreShield One Way Gateway application, which is used to send information between network zones with different security levels.
“The default installation of the Windows version of the CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator,” the advisory says.
There are also several vulnerabilities fixed in SINEC Infrastructure Network Services, a web app that comprises a number of individual network components. Siemens released fixes for 14 vulnerabilities that affect the app, all of which are in third-party components used in SINEC INS.
Siemens also patched a denial-of-service bug in its RuggedCom ROS devices that can allow an attacker to consume all of the device’s resources by sending partial HTTP requests. This attack, first described by security researcher Robert Hansen several years ago, is known as Slowloris and can be quite effective.
“RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends,” the Siemens advisory says.
The RuggedCom ROS software runs on switches and other network devices that are in difficult environments, including power substations.