Siemens fixes many defects in a wide range of ICS products


Siemens has released updates for a wide range of its industrial control products used in manufacturing and other settings. The updates address numerous security vulnerabilities, some of which can be used to execute arbitrary code or gain administrator privileges.

The most serious problem, which allows remote code execution, concerns Siemens Parasolid and Simcenter Femap products. Both products are used for simulations and modeling in an industrial environment. Parasolid allows users to model three-dimensional objects and Simcenter Femap is a simulation application for complex systems. This issue is not just a single vulnerability, but rather comprises 20 separate bugs, all of which are file scanning bugs.

“Simcenter Femap and Parasolid are affected by multiple file scanning vulnerabilities that could be triggered when the application reads files in X_T file formats. If a user is tricked into opening a malicious file with the affected applications, an attacker could exploit the vulnerability to execute code remotely within the context of the current process,” the Siemens advisory reads.

The vulnerabilities affect versions 33.1, 34.0, 34.1 and 35.0 of Parasolid, and versions 2022.1 and 2022.2 of Simcenter Femap.

Among the other vulnerabilities fixed by Siemens is a file permissions issue in the CoreShield One-Way Gateway application, which is used to send information between areas of the network with different levels of security.

“The default installation of the Windows version of CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to elevate privileges to local administrator,” the advisory reads.

Several vulnerabilities have also been patched in SINEC Infrastructure Network Services, a web application that includes a number of individual network components. Siemens has released patches for 14 vulnerabilities that affect the application, all of which are in third-party components used in SINEC INS.

Siemens has also fixed a denial of service bug in its RuggedCom ROS devices that can allow an attacker to consume all of the device’s resources by sending partial HTTP requests. This attack, first described by security researcher Robert Hansen several years ago, is known as Slowloris and can be quite effective.

“RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will wait for each request to complete, occupying all available HTTP connections. The web server will recover on its own after the attack is over,” the Siemens advisory reads.

RuggedCom ROS software runs on switches and other network devices that reside in harsh environments, including electrical substations.
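
The Slowloris behaviour described above leaves a recognisable trace: connections that stay open without ever completing their request headers. The following Python sketch is an added example, not code from Siemens or the advisory, that flags such sources from web server or proxy connection records; the record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds (not from the advisory); tune to the device and its clients.
HEADER_DEADLINE_S = 10.0  # longest a client may take to finish its request headers
MAX_STALLED_PER_SRC = 5   # stalled connections from one source before it is flagged


@dataclass
class Conn:
    src: str                        # client address
    opened: float                   # seconds since capture start
    headers_done: Optional[float]   # when the header-terminating blank line arrived
    closed: Optional[float] = None  # when the connection closed; None = still open


def header_wait(c: Conn, now: float) -> float:
    """Seconds the connection held a server slot with its headers still incomplete."""
    if c.headers_done is not None:
        end = c.headers_done
    elif c.closed is not None:
        end = c.closed
    else:
        end = now
    return end - c.opened


def flag_sources(conns, now: float) -> dict:
    """Map each source over the threshold to its count of stalled connections."""
    stalled = defaultdict(int)
    for c in conns:
        if header_wait(c, now) > HEADER_DEADLINE_S:
            stalled[c.src] += 1
    return {s: n for s, n in stalled.items() if n >= MAX_STALLED_PER_SRC}


# Constructed sample records (documentation address ranges), observed at now = 60 s.
SAMPLE = (
    [Conn("192.0.2.10", float(t), None) for t in range(6)]  # never finish headers
    + [Conn("198.51.100.7", 5.0 + t, 5.2 + t, 6.0 + t) for t in range(8)]  # normal
    + [Conn("203.0.113.5", 2.0, 14.5, 15.0)]  # one slow but honest link
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE, now=60.0))
```

The per-source threshold keeps a single slow but legitimate client from being flagged while still catching one host that occupies many connection slots.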

