Multiple Siemens Product Vulnerability Alert

Siemens recently issued advisories fixing security vulnerabilities of varying severity across several of its products. The affected products include SIMATIC WinCC OA, Spectrum Power, RUGGEDCOM ROX II and others. Two of the vulnerabilities have a CVSS 3.0 score of 10.

Siemens Vulnerabilities

SIMATIC WinCC OA Remote Code Execution Vulnerability – CVE-2018-3991

CVE-2018-3991 affects SIMATIC WinCC OA and is caused by improper access control on port 22347/TCP. Successful exploitation could lead to a heap overflow and potentially to remote code execution.

CVSS v3.0 Base Score 10.0

  • Affected version:
    • SIMATIC WinCC OA Version 3.14 < P025
    • SIMATIC WinCC OA Version 3.15 < P018
    • SIMATIC WinCC OA Version 3.16 < P007
  • Unaffected version:
    • SIMATIC WinCC OA Version 3.14 P025
    • SIMATIC WinCC OA Version 3.15 P018
    • SIMATIC WinCC OA Version 3.16 P007

Solution

Siemens has released an official patch that fixes the above vulnerability.

CVE-2019-6579: Spectrum Power 4.7 Command Injection Vulnerability

An attacker with network access on port 80/TCP or 443/TCP can execute system commands with administrative privileges.

CVSS v3.0 Base Score 10.0

  • Affected version:
    • Spectrum Power 4 with Web Office Portal

Solution

Siemens provides updates that fix the vulnerability in affected products.

CVE-2018-5379: RUGGEDCOM ROX II

The Quagga BGP daemon (bgpd) can double-free memory when processing certain forms of UPDATE message (those containing cluster lists and/or unknown attributes). A successful attack can result in a denial of service or may allow an attacker to execute arbitrary code.

CVSS v3.0 Base Score 9.8

  • Affected version:
    • RUGGEDCOM ROX II version < V2.13.0
  • Unaffected version:
    • RUGGEDCOM ROX II version V2.13.0

Solution

Siemens provides updates that fix the vulnerability in affected products.
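To triage an asset inventory against the SIMATIC WinCC OA and RUGGEDCOM ROX II version boundaries listed above, the following added example (not Siemens code) classifies each entry as affected, fixed or unknown. The CSV layout, host names and function names are assumptions made for illustration; an "unknown" result means the entry needs a manual check.

```python
import re

# Fixed releases, copied from the "Unaffected version" lists in this alert.
WINCC_OA_FIXED_PATCH = {"3.14": 25, "3.15": 18, "3.16": 7}
ROX2_FIXED = (2, 13, 0)

def wincc_oa_status(version, patch):
    """CVE-2018-3991: compare a patch level such as 'P012' with the fixed one."""
    fixed = WINCC_OA_FIXED_PATCH.get(version.strip())
    m = re.fullmatch(r"[Pp](\d+)", patch.strip())
    if fixed is None or m is None:
        return "unknown"  # branch not listed in the alert, or unreadable patch
    return "affected" if int(m.group(1)) < fixed else "fixed"

def rox2_status(version):
    """CVE-2018-5379: numeric comparison, so that 2.9.x sorts below 2.13.0."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", version.strip())
    if m is None:
        return "unknown"
    return "affected" if tuple(map(int, m.groups())) < ROX2_FIXED else "fixed"

def triage(lines):
    """Return (host, cve, status) for each 'host,product,version[,patch]' line."""
    results = []
    for line in lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue  # malformed inventory line
        host, product, version = fields[:3]
        if product == "SIMATIC WinCC OA":
            patch = fields[3] if len(fields) > 3 else ""
            results.append((host, "CVE-2018-3991", wincc_oa_status(version, patch)))
        elif product == "RUGGEDCOM ROX II":
            results.append((host, "CVE-2018-5379", rox2_status(version)))
    return results

# Constructed sample inventory (hypothetical hosts and CSV layout).
SAMPLE_INVENTORY = [
    "scada-01,SIMATIC WinCC OA,3.15,P012",
    "scada-02,SIMATIC WinCC OA,3.16,P007",
    "scada-03,SIMATIC WinCC OA,3.14,PO25",  # letter O typo: reported as unknown
    "rtr-01,RUGGEDCOM ROX II,V2.9.1",
    "rtr-02,RUGGEDCOM ROX II,V2.13.0",
]

if __name__ == "__main__":
    for host, cve, status in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{cve}\t{status}")
```

Spectrum Power is left out because the alert gives no version boundary for it.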