SSA-097786

Siemens Security Advisory by Siemens ProductCERT

SSA-097786: Insertion of Sensitive Information into Log File Vulnerability in SINUMERIK systems

Publication Date:	2024-09-10
Last Update:	2024-09-10
Current Version:	V1.0
CVSS v3.1 Base Score:	5.5
CVSS v4.0 Base Score:	6.8

SUMMARY

SINUMERIK systems, that have been provisioned with Create MyConfig (CMC), are affected by a Insertion of Sensitive Information into Log File vulnerability. When using a CMC package on a NCU or on an IPC the password used in the CMC package or typed in manually during package execution is traced on the machine to the file uptrace.out. This could allow a local authenticated user with low privileges to read that password and use it to impersonate a user with higher privileges.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
SINUMERIK 828D V4 All versions < V4.95 SP3 affected by CVE-2024-43781	Update to V4.95 SP3 or later version Updated software version can be obtained from Siemens customer support or a local partner. See further recommendations from section Workarounds and Mitigations
SINUMERIK 840D sl V4 All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6 affected by CVE-2024-43781	Update to V4.95 SP3 or later version Updated software version can be obtained from Siemens customer support or a local partner. See further recommendations from section Workarounds and Mitigations
SINUMERIK ONE	Open for details Updated software version can be obtained from Siemens customer support or a local partner. See further recommendations from section Workarounds and Mitigations
SINUMERIK ONE All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6 affected by CVE-2024-43781	Update to V6.23 or later version Updated software version can be obtained from Siemens customer support or a local partner. See further recommendations from section Workarounds and Mitigations
SINUMERIK ONE All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6 affected by CVE-2024-43781	Update to V6.15 SP4 or later version Updated software version can be obtained from Siemens customer support or a local partner. See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

CVE-2024-43781:
Delete the file(s) manually (after using CMC):
- on an NCU: /card/user/sinumerik/hmi/log/sltrc/uptrace.out
- on an IPC: c:\ProgramData\Siemens\MotionControl\user\sinumerik\hmi\log\sltrc\uptrace.out
and the corresponding backup of the tracefile, uptrace.out.bak.

Replace trace configuration to switch off trace for the future.

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SINUMERIK CNC offers automation solutions for the shop floor, job shops and large serial production environments.

SINUMERIK ONE is a digital-native CNC system with an integrated SIMATIC S7-1500 CPU for automation.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-43781

Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.

CVSS v3.1 Base Score	5.5
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score	6.8
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE	CWE-532: Insertion of Sensitive Information into Log File

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2024-09-10):

Publication Date

Siemens Security Advisories are subject to the terms and conditions contained in Siemens’ underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens’ Global Website (https://www.siemens.com/ terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.