# SSA-953464: Multiple Vulnerabilities in Siemens Brownfield Connectivity - Client before V2.15

Publication Date: 2023-02-14
Last Update: 2023-02-14
Current Version: 1.0
CVSS v3.1 Base Score: 9.8

SUMMARY
=======

Siemens has released a new version for Brownfield Connectivity - Client that contains fixes for multiple vulnerabilities in the underlying OpenSSL library. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).

Siemens has released an update for Brownfield Connectivity - Client and recommends updating to the latest version.

AFFECTED PRODUCTS AND SOLUTION
==============================

* Brownfield Connectivity - Client
  - Affected versions: All versions < V2.15
  - Remediation: Update to V2.15 or later version
  - Download: Contact customer support to obtain the update

WORKAROUNDS AND MITIGATIONS
===========================

Product-specific remediations or mitigations can be found in the section "Affected Products and Solution". Please follow the "General Security Recommendations".

GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and following the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

Brownfield Connectivity – Client is software that is installed on SINUMERIK, collects PLC & NC data, and sends it to the Brownfield Connectivity – Gateway.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.

* Vulnerability CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.

CVSS v3.1 Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

* Vulnerability CVE-2022-1343

Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.

CVSS v3.1 Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE: CWE-295: Improper Certificate Validation

* Vulnerability CVE-2022-1434

When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.

CVSS v3.1 Base Score: 5.9
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

* Vulnerability CVE-2022-1473

The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.

CVSS v3.1 Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-404: Improper Resource Shutdown or Release

ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA
============

V1.0 (2023-02-14): Publication Date

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2023