Cybersecurity researchers have disclosed particulars about 15 safety flaws in Siemens SINEC community administration system (NMS), a few of which might be chained by an attacker to realize distant code execution on affected programs.
“The vulnerabilities, if exploited, pose various dangers to Siemens units on the community together with denial-of-service assaults, credential leaks, and distant code execution in sure circumstances,” industrial safety firm Claroty stated in a brand new report.
The shortcomings in query — tracked from CVE-2021-33722 by CVE-2021-33736 — have been addressed by Siemens in model V1.0 SP2 Replace 1 as a part of updates shipped on October 12, 2021.
“Essentially the most extreme might permit an authenticated distant attacker to execute arbitrary code on the system, with system privileges, beneath sure circumstances,” Siemens famous in an advisory on the time.
Chief among the many weaknesses is CVE-2021-33723 (CVSS rating: 8.8), which permits for privilege escalation to an administrator account and might be mixed with CVE-2021-33722 (CVSS rating: 7.2), a path traversal flaw, to execute arbitrary code remotely.
One other notable flaw pertains to a case of SQL injection (CVE-2021-33729, CVSS rating: 8.8) that might be exploited by an authenticated attacker to execute arbitrary instructions within the native database.
“SINEC is in a strong central place inside the community topology as a result of it requires entry to the credentials, cryptographic keys, and different secrets and techniques granting it administrator entry in an effort to handle units within the community,” Claroty’s Noam Moshe stated.
“From an attacker’s perspective finishing up a living-off-the-land sort of assault the place legit credentials and community instruments are abused to hold out malicious exercise, entry to, and management of, SINEC places an attacker in prime place for: reconnaissance, lateral motion, and privilege escalation.”
