RCE vulnerabilities discovered in the Siemens system


Fifteen vulnerabilities have been discovered in the Siemens SINEC Network Management System (NMS), some of which can be used for remote code execution.

“The vulnerabilities pose risks to Siemens devices on the network: DoS attacks, credential leaks and remote code execution,” says a new report from the industrial security company Claroty.

The flaws, tracked as CVE-2021-33722 through CVE-2021-33736, were fixed by Siemens on October 12, 2021 in V1.0 SP2 Update 1. “The most serious of them could allow a remote authorized attacker to execute arbitrary code on the system with system privileges,” Siemens noted in its advisory at the time.

CVE-2021-33723 (CVSS score: 8.8) allows privilege escalation to an administrator account and can be chained with the path traversal vulnerability CVE-2021-33722 (CVSS score: 7.2) to achieve remote execution of arbitrary code.

Another flaw, CVE-2021-33729 (CVSS score: 8.8), is a SQL injection that an authenticated attacker could use to execute arbitrary commands against the local database.

“SINEC occupies a central position in the network because it requires access to credentials, cryptographic keys and other data that give it administrator access to manage devices on the network,” said Noam Moshe of Claroty.

“For an attacker carrying out a living-off-the-land (LotL) attack, in which legitimate credentials and network tools are used, SINEC helps with reconnaissance, lateral movement and privilege escalation,” the expert added.
