Cybersecurity specialists report the detection of multiple vulnerabilities in various Siemens products. According to the report, successful exploitation of the reported vulnerabilities would allow multiple attacks, including privilege escalation.
Below are brief descriptions of some of the detected vulnerabilities, along with their respective tracking keys and the scores assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2020-8670: A race condition in the firmware would allow local administrators to exploit the race and gain unauthorized access to sensitive information and increase privileges on the system.
This flaw received a CVSS score of 6.1/10.
CVE-2020-8703: A boundary error in a subsystem would allow local administrators to cause memory corruption and gain elevated privileges.
The vulnerability received a CVSS score of 4.5/10.
CVE-2020-8704: A race condition in the subsystem would allow local administrators to exploit the error and gain unauthorized access to sensitive information on the affected system.
This vulnerability received a CVSS score of 5.8/10.
CVE-2020-12357: Incorrect initialization in the firmware would allow local administrators to run a specially crafted application and execute arbitrary code on the vulnerable system.
The security flaw received a CVSS score of 6.5/10.
CVE-2020-12357: Incorrect initialization in the firmware would allow local administrators to run a specially crafted application and execute arbitrary code on the vulnerable system.
The vulnerability received a CVSS score of 5.8/10.
CVE-2020-12360: A boundary condition in the firmware of affected devices would allow local users to trigger an out-of-bounds read error and read the contents of memory on the system.
The flaw received a CVSS score of 4.6/10.
CVE-2020-24486: Insufficient validation of user input in the firmware would allow local users to pass specially crafted input to the application and perform a DoS attack.
This vulnerability received a CVSS score of 4.6/10.
CVE-2020-24506: A boundary condition in a subsystem would allow local administrators to trigger an out-of-bounds read error and read the contents of memory on the system.
The flaw got a CVSS score of 3.9/10.
All reported flaws reside in the following products:
- SINUMERIK ONE PPU 1740: All versions
- SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10: All versions
- SINUMERIK MC MCU 1720: All versions
- SINUMERIK 828D HW PPU.4: All versions
- SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP: All versions
- SIMATIC IPC527GE: All versions
- SIMATIC IPC477E Pro: All versions
- SIMATIC IPC127E: All versions
- SIMATIC Field PG M6: All versions
- SIMATIC Field PG M5: All versions
- SIMATIC Drive Controller: All versions
- SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: All versions
- SIMATIC ET 200SP Open Controller CPU 1515SP PC2: All versions
- SIMATIC ITP1000: All versions
- SIMATIC IPC547G: All versions
- SIMATIC IPC477E: All versions
- SIMATIC IPC427E: All versions
- SIMATIC IPC847E: before 25.02.10
- SIMATIC IPC677E: before 25.02.10
- SIMATIC IPC647E: before 25.02.10
- SIMATIC IPC627E: before 25.02.10
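The practical question for a defender reading this list is which of their own devices fall inside an affected range, since the entries mix "All versions" with "before 25.02.10" cut-offs. The script below is an added example, not Siemens code or part of the original advisory: it encodes the product list exactly as given above, compares dotted version strings numerically (so 25.02.09 sorts before 25.02.10 but 25.3.0 does not), and triages a constructed sample inventory. Hostnames and installed versions in the sample are invented for illustration.

```python
"""Match a device inventory against the affected-product list above.

Added example (not Siemens code). The AFFECTED table is copied from the
advisory summary; SAMPLE_INVENTORY is constructed for illustration.
"""
import re

# Product -> affected-version rule, exactly as listed on the page.
# "All versions" flags every release; "before X" flags releases older than X.
AFFECTED = {
    "SINUMERIK ONE PPU 1740": "All versions",
    "SINUMERIK ONE / SINUMERIK 840D sl Handheld Terminal HT 10": "All versions",
    "SINUMERIK MC MCU 1720": "All versions",
    "SINUMERIK 828D HW PPU.4": "All versions",
    "SIMATIC S7-1500 CPU 1518F-4 PN-DP MFP": "All versions",
    "SIMATIC IPC527GE": "All versions",
    "SIMATIC IPC477E Pro": "All versions",
    "SIMATIC IPC127E": "All versions",
    "SIMATIC Field PG M6": "All versions",
    "SIMATIC Field PG M5": "All versions",
    "SIMATIC Drive Controller": "All versions",
    "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP": "All versions",
    "SIMATIC ET 200SP Open Controller CPU 1515SP PC2": "All versions",
    "SIMATIC ITP1000": "All versions",
    "SIMATIC IPC547G": "All versions",
    "SIMATIC IPC477E": "All versions",
    "SIMATIC IPC427E": "All versions",
    "SIMATIC IPC847E": "before 25.02.10",
    "SIMATIC IPC677E": "before 25.02.10",
    "SIMATIC IPC647E": "before 25.02.10",
    "SIMATIC IPC627E": "before 25.02.10",
}


def parse_version(text):
    """Turn a dotted version such as '25.02.10' into (25, 2, 10).

    Tuples compare element-wise as integers, so string comparison
    pitfalls ('25.10' < '25.9') are avoided.
    """
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(product, installed_version):
    """Return True/False for a listed product, None if it is not listed."""
    rule = AFFECTED.get(product)
    if rule is None:
        return None
    if rule == "All versions":
        return True
    match = re.fullmatch(r"before (\S+)", rule)
    if match:
        return parse_version(installed_version) < parse_version(match.group(1))
    raise ValueError(f"unrecognised version rule: {rule!r}")


def triage(inventory):
    """inventory: iterable of (hostname, product, version) tuples.

    Returns the entries that need the Siemens update applied.
    Unlisted products are skipped, not reported.
    """
    return [
        (host, product, version)
        for host, product, version in inventory
        if is_affected(product, version)
    ]


# Constructed sample inventory; hostnames and versions are hypothetical.
SAMPLE_INVENTORY = [
    ("ipc-line1", "SIMATIC IPC847E", "25.02.09"),   # below cut-off: affected
    ("ipc-line2", "SIMATIC IPC847E", "25.02.10"),   # at cut-off: fixed
    ("cnc-hall3", "SINUMERIK ONE PPU 1740", "6.15"),  # "All versions"
    ("fieldpg-01", "SIMATIC Field PG M6", "1.0"),     # "All versions"
    ("hmi-7", "SIMATIC HMI Comfort Panel", "17.0"),   # not on the list
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected; apply the Siemens update")
```

Because the page gives no fixed version for the "All versions" entries, the script can only flag those devices; the remediation version has to come from the vendor advisory itself.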
While the risk of exploiting these flaws is reduced by the need for local access, and no active exploitation attempts have been detected, Siemens strongly recommends that its customers upgrade their products to a secure version as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator. He also worked for different security companies. His everyday job includes researching new cyber security incidents. He also has a deep level of knowledge in enterprise security implementation.