SSA-039007

Siemens Security Advisory by Siemens ProductCERT

SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)

Publication Date:	2024-09-10
Last Update:	2024-11-12
Current Version:	V1.2
CVSS v3.1 Base Score:	9.8
CVSS v4.0 Base Score:	9.3

SUMMARY

Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
Opcenter Execution Foundation All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
Opcenter Quality All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
Opcenter RDL All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC Information Server	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC Information Server 2022 All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC Information Server 2024 All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo	Open for details See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V4.0 All versions affected by CVE-2024-33698	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V4.1 All versions < V4.1 Update 2 affected by CVE-2024-33698	Update to V4.1 Update 2 or later version https://support.industry.siemens.com/cs/ww/en/view/109825230/ See further recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V5.0 All versions affected by CVE-2024-33698	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINEC NMS All versions affected by CVE-2024-33698	Update UMC to V2.11.6. Contact customer support to receive patch and update information. See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal)	Open for details See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V16 All versions affected by CVE-2024-33698	Currently no fix is planned See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V17 All versions < V17 Update 8 affected by CVE-2024-33698	Update to V17 Update 8 or later version https://support.industry.siemens.com/cs/ww/en/view/109784441/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V18 All versions < V18 Update 5 affected by CVE-2024-33698	Update to V18 Update 5 or later version https://support.industry.siemens.com/cs/ww/en/view/109817218/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V19 All versions < V19 Update 3 affected by CVE-2024-33698	Update to V19 Update 3 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/ See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

CVE-2024-33698:

Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall

In addition if no RT server machines are used, port 4004 can be blocked completely

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC IT Unified Architecture Foundation (SIT UAF) is a framework to build and run state-of-the-art manufacturing operations management (MOM) applications.

Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce defect and rework costs and achieve operational excellence by increasing process stability. The integrated process capabilities (control charts, statistics, quality gates) can detect production errors to avoid further processing and shipment of nonconforming material.

Opcenter RD&L (formerly known as "SIMATIC IT R&D Suite") offers companies in CPG and process industries a scalable and flexible platform to streamline, optimize, and align all formulated product data management.

SIMATIC PCS neo is a distributed control system (DCS).

SINEC NMS is a new generation of the Network Management System (NMS) for the Digital Enterprise. This system can be used to centrally monitor, manage, and configure networks.

Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to the complete range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation.

User Management Component (UMC) is an integrating component that enables system-wide, central maintenance of users.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-33698

Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

CVSS v3.1 Base Score	9.8
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score	9.3
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-122: Heap-based Buffer Overflow

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

Tenable for coordinated disclosure

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2024-09-10):	Publication Date
V1.1 (2024-10-08):	Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation
V1.2 (2024-11-12):	Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.