Industrial manufacturing company Siemens has disclosed several critical and high-severity vulnerabilities in its products, including a heap-based buffer overflow flaw (CVE-2022-34819) in the SINEMA Remote Connect Server (SRCS) VPN feature used by SIMATIC devices.
SINEMA Remote Connect allows end users to remotely access plants and machines and leverages VPN connections between the control center, service engineers and installed plants, according to Siemens. The impacted SIMATIC devices, meanwhile, are communication processors that connect controllers to various types of networks. The vulnerability stems from a lack of proper validation of user-supplied data when specific messages are parsed, which could result in a buffer overflow. Attackers could exploit the flaw to execute code in the context of the device.
The flaw has a CVSS score of 10, making it critical; however, it's important to note that the SRCS VPN feature is not activated by default. Siemens also noted that the CVSS score and impact are specific to customer environments. Fixes are available for certain versions of SIMATIC devices; however, many versions still do not yet have a fix (see a full list of affected versions and available fixes here).
“Siemens has released an update for SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version,” according to Siemens in a security advisory on Tuesday. “Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.”
As a workaround for this flaw, Siemens said impacted companies can configure the communication processor to only connect to trusted SINEMA SRCS instances, block access to port 5243/udp or disable the SINEMA SRCS VPN feature completely.
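The first two workarounds above translate directly into something a network defender can monitor: any UDP/5243 flow that reaches a host other than an approved SRCS instance is either a misconfiguration or worth a look. The script below is an added illustration, not Siemens code; the only facts it takes from the advisory are the port (5243/udp) and the "trusted SRCS instances only" recommendation. The log format, the allowlist addresses and the sample log lines are constructed for the example.

```python
"""Flag SINEMA Remote Connect (SRCS) VPN flows that do not go to an approved
SRCS instance.

Added illustration, not Siemens code. From the advisory: the SRCS VPN feature
uses 5243/udp, and the workaround is to connect only to trusted SRCS instances
or to block that port. Assumptions: the simplified log format, the allowlist
contents and the sample log lines below are all constructed.
"""
import ipaddress
import re

SRCS_PORT = 5243  # from the Siemens advisory: 5243/udp

# Hypothetical allowlist of approved SRCS instances (constructed addresses).
TRUSTED_SRCS = {
    ipaddress.ip_address("10.20.0.5"),
    ipaddress.ip_address("10.20.0.6"),
}

# Constructed, simplified firewall log format (not a real product format):
# "<ts> proto=<udp|tcp> src=<ip>:<port> dst=<ip>:<port> action=<allow|deny>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+action=(?P<action>\w+)$"
)

# Constructed sample log: one approved flow, one to an unknown host that the
# firewall allowed, one unrelated TCP flow, another approved flow, one attempt
# the firewall already denied, and a malformed line the parser must skip.
SAMPLE_LOG = """\
2022-07-13T08:00:01Z proto=udp src=192.168.1.10:49152 dst=10.20.0.5:5243 action=allow
2022-07-13T08:00:02Z proto=udp src=192.168.1.11:49153 dst=203.0.113.44:5243 action=allow
2022-07-13T08:00:03Z proto=tcp src=192.168.1.12:50000 dst=10.20.0.9:443 action=allow
2022-07-13T08:00:04Z proto=udp src=192.168.1.10:49154 dst=10.20.0.6:5243 action=allow
2022-07-13T08:00:05Z proto=udp src=192.168.1.13:49155 dst=198.51.100.7:5243 action=deny
this line is garbage and must be skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "proto": d["proto"].lower(),
        "src": ipaddress.ip_address(d["src"]),
        "dst": ipaddress.ip_address(d["dst"]),
        "dport": int(d["dport"]),
        "action": d["action"].lower(),
    }


def find_untrusted_srcs_flows(log_text, trusted=TRUSTED_SRCS):
    """Return allowed UDP/5243 flows whose destination is not a trusted SRCS host."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; skip rather than crash the job
        if rec["proto"] != "udp" or rec["dport"] != SRCS_PORT:
            continue  # not SRCS VPN traffic
        if rec["action"] != "allow":
            continue  # the firewall already blocked it; nothing to escalate
        if rec["dst"] not in trusted:
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_untrusted_srcs_flows(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['dport']} is not an approved SRCS instance")
```

Only flows the firewall actually allowed are reported; denied attempts show the port block is doing its job and belong in a separate, lower-priority count. If the feature is disabled entirely (the third workaround), the same query should return nothing at all, which makes it a cheap check that the disablement stuck.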
“As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms,” according to the advisory. “In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in the product manuals.”
Siemens also issued a security advisory for a high-severity vulnerability impacting its SCALANCE X switches, which are used to connect various industrial control system products like programmable logic controllers (PLCs) and human machine interfaces (HMIs). The buffer overflow flaw (CVE-2022-26649) stems from impacted devices not properly validating the URI of incoming HTTP GET requests, and could enable unauthenticated, remote attackers to crash impacted devices. Various SCALANCE device versions are impacted, and Siemens has released fixes for some versions, while others are still awaiting a fix.
Finally, Siemens patched an authentication bypass vulnerability existing in Opcenter Quality, which is an operational quality management system. The flaw has a CVSS base score of 9.6 out of 10, making it high-severity, and if exploited can enable unauthenticated access to applications or cause denial-of-service attacks for existing users. Impacted versions include Opcenter Quality V13.1 (all versions below V13.1.20220624) and Opcenter Quality V13.2 (all versions below V13.2.20220624). The flaw has been fixed in versions V13.1.20220624 and V13.2.20220624 or later. Siemens recommended that impacted users update to the latest versions of affected products.
“The issue is based on rich client modules using IbsGailWrapper-interface,” according to Siemens. “After issuing the record the authentication bypass vulnerability could take place on all modules.”
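Because the Opcenter Quality fix is expressed as a date-stamped build number per release line, an asset owner can check an inventory against it mechanically. The script below is an added illustration, not Siemens code: the version boundaries (V13.1 below V13.1.20220624, V13.2 below V13.2.20220624) come from the advisory, while the "VMAJOR.MINOR.BUILD" parsing rule and the host inventory are assumptions constructed for the example.

```python
"""Check Opcenter Quality version strings against the affected ranges in the
Siemens advisory.

Added illustration, not Siemens code. From the advisory: V13.1 builds below
V13.1.20220624 and V13.2 builds below V13.2.20220624 are affected. Assumed:
versions look like "V13.1.20220501" (major.minor.build, optional leading V);
the inventory below is constructed.
"""
import re

# First fixed build per affected release line (from the advisory).
FIXED_BUILDS = {
    (13, 1): 20220624,
    (13, 2): 20220624,
}

VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """'V13.1.20220501' -> (13, 1, 20220501); raise ValueError on other shapes."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build = (int(p) for p in m.groups())
    return major, minor, build


def is_affected(version_text):
    """True/False for release lines the advisory covers; None for lines it does not.

    Returning None rather than False for unlisted lines (e.g. V12.x) keeps an
    "unknown" from being mistaken for "patched" in a report.
    """
    major, minor, build = parse_version(version_text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    return build < fixed


# Constructed inventory of hosts and installed versions (not real data).
INVENTORY = {
    "qms-prod-01": "V13.1.20220501",   # affected: older than the 13.1 fix
    "qms-prod-02": "V13.1.20220624",   # exactly the fixed build
    "qms-test-01": "V13.2.20220301",   # affected: older than the 13.2 fix
    "qms-test-02": "V13.2.20220701",   # newer than the fix
    "qms-legacy":  "V12.4.20210101",   # line not covered by the advisory
}


def classify_inventory(inventory=INVENTORY):
    """Split hosts into affected, patched and not-covered lists."""
    affected, patched, unknown = [], [], []
    for host, version in sorted(inventory.items()):
        state = is_affected(version)
        if state is None:
            unknown.append(host)
        elif state:
            affected.append(host)
        else:
            patched.append(host)
    return affected, patched, unknown


if __name__ == "__main__":
    affected, patched, unknown = classify_inventory()
    print("affected:", affected)
    print("patched: ", patched)
    print("not covered by advisory:", unknown)
```

The comparison is a plain integer comparison on the build number because the advisory's boundary is itself a date-stamped build; a release line the advisory does not mention is reported separately rather than silently treated as safe.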