-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-685781: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens
Products

Publication Date:        2022-06-14
Last Update:             2022-10-11
Current Version:         1.1
CVSS v3.1 Base Score:    9.8


SUMMARY
=======

Multiple vulnerabilities were identified in the Apache HTTP Server
software. These include NULL Pointer Dereferencing, Out-of-bounds
Write and Server-Side Request Forgery related vulnerabilities.

Siemens has released updates for several affected products and
recommends to update to the latest versions. Siemens recommends
specific countermeasures for products where updates are not, or not
yet available.


AFFECTED PRODUCTS AND SOLUTION
==============================


* RUGGEDCOM NMS 
  - Affected versions:
       All versions when using the device firmware upgrade mechanism
    - Affected by vulnerabilities:
    - CVE-2021-34798
  - Remediation:
       Currently no fix is planned

       See recommendations from section "Workarounds and Mitigations"

* SINEC NMS 
  - Affected versions:
       All versions < V1.0.3
  - Remediation:
       Update to V1.0.3 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109813788/

* SINEMA Remote Connect Server 
  - Affected versions:
       All versions < V3.1
    - Affected by vulnerabilities:
    - CVE-2021-34798
  - Remediation:
       Update to V3.1 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109811169/

* SINEMA Server V14 
  - Affected versions:
       All versions
  - Remediation:
       Currently no fix is planned

       See recommendations from section "Workarounds and Mitigations"


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

  * Restrict access to the affected systems, especially to port 443/tcp, to trusted
    IP addresses only

Product-specific remediations or mitigations can be found in the section
"Affected Products and Solution".


Please follow the "General Security Recommendations".


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends
to configure the environment according to Siemens' operational
guidelines for Industrial Security (Download:

https://www.siemens.com/cert/operational-guidelines-industrial-
security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found
at:  https://www.siemens.com/industrialsecurity


PRODUCT DESCRIPTION
===================

RUGGEDCOM NMS is a fully-featured enterprise grade network management
software that provides a comprehensive solution for monitoring,
configuring, and maintaining RUGGEDCOM products, connected end-points
and other internetworking components.
SINEC NMS is a new generation of the Network Management System (NMS)
for the Digital Enterprise. This system can be used to centrally
monitor, manage, and configure networks.

SINEMA Remote Connect is a management platform for remote networks
that enables the simple management of tunnel connections (VPN) between
headquarters, service technicians, and installed machines or plants.
It provides both the Remote Connect Server, which is the server
application, and the Remote Connect Client, which is an OpenVPN client
for optimal connection to SINEMA Remote Connect Server.
SINEMA Server is a network monitoring and management software designed
by Siemens for use in Industrial Ethernet networks.


VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2021-34798

  Malformed requests may cause the server to dereference a NULL
  pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

    CVSS v3.1 Base Score: 7.5
    CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-476: NULL Pointer Dereference

* Vulnerability CVE-2021-39275

  ap_escape_quotes() may write beyond the end of a buffer when given
  malicious input. No included modules pass untrusted data to these
  functions, but third-party / external modules may. This issue
  affects Apache HTTP Server 2.4.48 and earlier.

    CVSS v3.1 Base Score: 9.8
    CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-787: Out-of-bounds Write

* Vulnerability CVE-2021-40438

  A crafted request uri-path can cause mod_proxy to forward the
  request to an origin server choosen by the remote user. This issue
  affects Apache HTTP Server 2.4.48 and earlier.

    CVSS v3.1 Base Score: 9.0
    CVSS Vector:          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-918: Server-Side Request Forgery (SSRF)




ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2022-06-14): Publication Date
V1.1 (2022-10-11): Added fix for SINEC NMS

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2022
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmNEsgAACgkQlm7gTEmy
ujS4bA//W/3UVNzmYHyYsT7pKEgnXm52h3FgTVrP9W91tqlA0U7HHayLgMMujuov
U8E/wgm8n7vE2xxRyjT9d9CUnSgcZuHSvI21F1DA7l6whlaSB91+8x7TItS3UTux
6gTFcJkEcVFF4IcjU5IUxObEwvTNgHWET1Nk3K5vz0IsNY7dlQt0UVODyS2tmvou
y8F0v+NXOSjACU6rMeCF4WkEoPJDze84CH0tJhdLjNcvwpTCDe8X7pARdyf8tRP8
/SzZcmnC/Hf9Wtc+MIaxwTVYNVsNBPlcwD1JkAsI+EHhtPHt3/qlniqtpqSdXZDy
33W4laNkaD1RSfb1wmHcyHEmfiGQ+ay5gA/LEn3M4M0LX8+hzUdCr6bh3u9Bg34z
/XdoxFB8eQmKWViXwToq9NSDAQMi/uKQ6RMsLcIJ9MQ0082dDCSyquW/CUX+qrwv
Rj0Q0l/T+AkPEMSWRAlfZQay/R549ckkoyRkADnpE++H9ZAtumnoQFa/LvqYHcAa
MCvk/wu5StZZzqG4xlqgGpEwcEr0dxgj9RXnUv3VgQ37vLM7yzTj1WMU92yrZAvo
nDyKju+a2LFWaqTjLXSKSteddqgQCVPSGHoxUfvEN1XNC+VjycmVtmtBLOObLduH
5gbWjAo2dOe5Fzy/TCzev1XCzwLBMaRePAu9uRR7VgtrDUCXVOM=
=HGaw
-----END PGP SIGNATURE-----