Action not permitted
Modal body text goes here.
CVE-2023-33953
Vulnerability from cvelistv5
Published
2023-08-09 12:54
Modified
2024-09-27 18:40
Severity ?
EPSS score ?
Summary
Denial-of-Service in gRPC
References
▼ | URL | Tags | |
---|---|---|---|
cve-coordination@google.com | https://cloud.google.com/support/bulletins#gcp-2023-022 | Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:54:14.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/support/bulletins#gcp-2023-022" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "grpc", "vendor": "grpc", "versions": [ { "lessThan": "1.53.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "154.3", "status": "affected", "version": "1.54", "versionType": "custom" }, { "lessThan": "1.55.2", "status": "affected", "version": "1.55", "versionType": "custom" }, { "lessThan": "1.56.2", "status": "affected", "version": "1.56", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-33953", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T17:54:21.539206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T18:40:52.297Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "gRPC", "vendor": "Google", "versions": [ { "lessThan": "1.56.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u0026nbsp;Three vectors were found that allow the following DOS attacks:\u003cbr\u003e\u003cbr\u003e- Unbounded memory buffering in the HPACK parser\u003cbr\u003e- Unbounded CPU consumption in the HPACK parser\u003cbr\u003e\u003cbr\u003eThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\u003cbr\u003e\u003cbr\u003eThe unbounded memory buffering bugs:\u003cbr\u003e\u003cbr\u003e- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\u003cbr\u003e- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\u003cbr\u003e- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026" } ], "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026" } ], "impacts": [ { "capecId": "CAPEC-220", "descriptions": [ { "lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "CWE-834 Excessive Iteration", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-09T12:54:47.415Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://cloud.google.com/support/bulletins#gcp-2023-022" } ], "source": { "discovery": "UNKNOWN" }, "title": "Denial-of-Service in gRPC", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-33953", "datePublished": "2023-08-09T12:54:47.415Z", "dateReserved": "2023-05-24T12:08:31.409Z", "dateUpdated": "2024-09-27T18:40:52.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-33953\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-08-09T13:15:09.370\",\"lastModified\":\"2023-08-17T14:15:26.377\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\\n\\n- Unbounded memory buffering in the HPACK parser\\n- Unbounded CPU consumption in the HPACK parser\\n\\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\\n\\nThe unbounded memory buffering bugs:\\n\\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026\"},{\"lang\":\"es\",\"value\":\"gRPC contiene una vulnerabilidad que permite que los errores de contabilidad de la tabla hpack puedan provocar desconexiones no deseadas entre clientes y servidores en casos excepcionales/ Se han encontrado tres vectores que permiten los siguientes ataques DOS:\\n\\n- Memoria intermedia ilimitada en el analizador sint\u00e1ctico HPACK\\n- Consumo ilimitado de CPU en el analizador sint\u00e1ctico HPACK\\n\\nEl consumo ilimitado de CPU se debe a una copia que se produc\u00eda por bloque de entrada en el analizador sint\u00e1ctico, y dado que podr\u00eda ser ilimitada debido al error de copia de memoria, acabamos con un bucle de an\u00e1lisis sint\u00e1ctico O(n^2), con n seleccionado por el cliente.\\n\\nEl error de memoria intermedia no limitada:\\n\\n- La comprobaci\u00f3n del l\u00edmite de tama\u00f1o de la cabecera estaba detr\u00e1s del c\u00f3digo de lectura de cadenas, por lo que necesit\u00e1bamos primero almacenar en b\u00fafer hasta una cadena de 4 gigabytes antes de rechazarla como m\u00e1s larga de 8 o 16kb.\\n- Las varints HPACK tienen una peculiaridad de codificaci\u00f3n por la que se puede a\u00f1adir un n\u00famero infinito de ceros al principio de un entero. El analizador hpack de gRPC necesitaba leerlos todos antes de concluir el an\u00e1lisis.\\n- La comprobaci\u00f3n de desbordamiento de metadatos de gRPC se realizaba por fotograma, por lo que la siguiente secuencia de fotogramas pod\u00eda causar un buffering infinito: CABECERAS: contiene un: 1 CONTINUACI\u00d3N: contiene un: 2 CONTINUACI\u00d3N: contiene un: 3 etc?\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"},{\"lang\":\"en\",\"value\":\"CWE-834\"}]},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"},{\"lang\":\"en\",\"value\":\"CWE-834\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionEndExcluding\":\"1.53.2\",\"matchCriteriaId\":\"5278AD31-21EB-4A2E-89FE-D2E765AC4507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionStartIncluding\":\"1.54.0\",\"versionEndExcluding\":\"1.54.3\",\"matchCriteriaId\":\"1A6B7840-8878-4F83-977A-1AF53E103F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionStartIncluding\":\"1.55.0\",\"versionEndExcluding\":\"1.55.2\",\"matchCriteriaId\":\"12899AA9-F4C9-4E74-B423-8AD74F043758\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionStartIncluding\":\"1.56.0\",\"versionEndExcluding\":\"1.56.2\",\"matchCriteriaId\":\"C4864589-BDBC-4F3D-9175-DA7800480B87\"}]}]}],\"references\":[{\"url\":\"https://cloud.google.com/support/bulletins#gcp-2023-022\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
ssa-093430
Vulnerability from csaf_siemens
Published
2024-05-14 00:00
Modified
2024-06-11 00:00
Summary
SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0
Notes
Summary
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-093430.json" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-093430.pdf" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-093430.txt" } ], "title": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0", "tracking": { "current_release_date": "2024-06-11T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-093430", "initial_release_date": "2024-05-14T00:00:00Z", "revision_history": [ { "date": "2024-05-14T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2024-06-11T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Added specific mitigation for CVE-2024-30207" } ], "status": "interim", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA00)", "product_id": "1", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA00" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA00)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA10)", "product_id": "2", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA10" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA10)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA20)", "product_id": "3", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA20" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA20)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA30)", "product_id": "4", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA30" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA30)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA10)", "product_id": "5", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA10" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA10)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA20)", "product_id": "6", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA20" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA20)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA30)", "product_id": "7", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA30" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA30)" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4807", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-4807" }, { "cve": "CVE-2023-5363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.\r\n\r\nImpact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.\r\n\r\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\r\n\r\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.\r\n\r\nBoth truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.\r\n\r\nChanging the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.\r\n\r\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-5363" }, { "cve": "CVE-2023-5678", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-5678" }, { "cve": "CVE-2023-29409", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-29409" }, { "cve": "CVE-2023-33953", "cwe": { "id": "CWE-834", "name": "Excessive Iteration" }, "notes": [ { "category": "summary", "text": "PC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with a parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse. - gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026\r\n- Unbounded memory buffering in the HPACK parser\r\n- Unbounded CPU consumption in the HPACK parser\r\n\r\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an parsing loop, with n selected by the client.\r\n\r\nThe unbounded memory buffering bugs:\r\n\r\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\r\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\r\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-33953" }, { "cve": "CVE-2023-38039", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-38039" }, { "cve": "CVE-2023-38545", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-38545" }, { "cve": "CVE-2023-38546", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "notes": [ { "category": "summary", "text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-38546" }, { "cve": "CVE-2023-46218", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-46218" }, { "cve": "CVE-2023-46219", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2023-46219" }, { "cve": "CVE-2024-30206", "cwe": { "id": "CWE-494", "name": "Download of Code Without Integrity Check" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. \r\nA successful exploit requires the attacker to be able to modify the communication between server and client on the network.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-30206" }, { "cve": "CVE-2024-30207", "cwe": { "id": "CWE-321", "name": "Use of Hard-coded Cryptographic Key" }, "notes": [ { "category": "summary", "text": "The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system.\r\nA successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Protect all communication between RTLS Clients and the Server using a secure channel, e.g. an appropriate VPN solution. Ensure that the configured Server ports are exclusively reachable via the VPN as described in the installation manual", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 10.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-30207" }, { "cve": "CVE-2024-30208", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "summary", "text": "The \"DBTest\" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-30208" }, { "cve": "CVE-2024-30209", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "notes": [ { "category": "summary", "text": "Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-30209" }, { "cve": "CVE-2024-33494", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "notes": [ { "category": "summary", "text": "Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33494" }, { "cve": "CVE-2024-33495", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33495" }, { "cve": "CVE-2024-33496", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33496" }, { "cve": "CVE-2024-33497", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33497" }, { "cve": "CVE-2024-33498", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33498" }, { "cve": "CVE-2024-33499", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "summary", "text": "The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33499" }, { "cve": "CVE-2024-33583", "cwe": { "id": "CWE-912", "name": "Hidden Functionality" }, "notes": [ { "category": "summary", "text": "Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment.", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2", "3", "4", "5", "6", "7" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2", "3", "4", "5", "6", "7" ] } ], "title": "CVE-2024-33583" } ] }
gsd-2023-33953
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-33953", "id": "GSD-2023-33953" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-33953" ], "details": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026", "id": "GSD-2023-33953", "modified": "2023-12-13T01:20:36.593954Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2023-33953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gRPC", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "0", "version_value": "1.56.1" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-834", "lang": "eng", "value": "CWE-834 Excessive Iteration" } ] }, { "description": [ { "cweId": "CWE-789", "lang": "eng", "value": "CWE-789 Memory Allocation with Excessive Size Value" } ] } ] }, "references": { "reference_data": [ { "name": "https://cloud.google.com/support/bulletins#gcp-2023-022", "refsource": "MISC", "url": "https://cloud.google.com/support/bulletins#gcp-2023-022" } ] }, "source": { "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "cpe_name": [], "versionEndExcluding": "1.56.2", "versionStartIncluding": "1.56.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "cpe_name": [], "versionEndExcluding": "1.55.2", "versionStartIncluding": "1.55.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "cpe_name": [], "versionEndExcluding": "1.54.3", "versionStartIncluding": "1.54.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "cpe_name": [], "versionEndExcluding": "1.53.2", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2023-33953" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-770" }, { "lang": "en", "value": "CWE-834" } ] } ] }, "references": { "reference_data": [ { "name": "https://cloud.google.com/support/bulletins#gcp-2023-022", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://cloud.google.com/support/bulletins#gcp-2023-022" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-08-17T14:15Z", "publishedDate": "2023-08-09T13:15Z" } } }
icsa-24-137-07
Vulnerability from csaf_cisa
Published
2024-05-14 00:00
Modified
2024-05-14 00:00
Summary
Siemens SIMATIC RTLS Locating Manager
Notes
Summary
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting these vulnerabilities to CISA." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" } ], "publisher": { "category": "other", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-093430.json" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-093430.pdf" }, { "category": "self", "summary": "SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-093430.txt" }, { "category": "self", "summary": "ICS Advisory ICSA-24-137-07 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-137-07.json" }, { "category": "self", "summary": "ICS Advisory ICSA-24-137-07 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-07" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Siemens SIMATIC RTLS Locating Manager", "tracking": { "current_release_date": "2024-05-14T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1" } }, "id": "ICSA-24-137-07", "initial_release_date": "2024-05-14T00:00:00.000000Z", "revision_history": [ { "date": "2024-05-14T00:00:00.000000Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA00)", "product_id": "CSAFPID-0001", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA00" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA00)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA10)", "product_id": "CSAFPID-0002", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA10" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA10)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA20)", "product_id": "CSAFPID-0003", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA20" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA20)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA30)", "product_id": "CSAFPID-0004", "product_identification_helper": { "model_numbers": [ "6GT2780-0DA30" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-0DA30)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA10)", "product_id": "CSAFPID-0005", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA10" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA10)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA20)", "product_id": "CSAFPID-0006", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA20" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA20)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cV3.0.1.1", "product": { "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA30)", "product_id": "CSAFPID-0007", "product_identification_helper": { "model_numbers": [ "6GT2780-1EA30" ] } } } ], "category": "product_name", "name": "SIMATIC RTLS Locating Manager (6GT2780-1EA30)" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4807", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-4807" }, { "cve": "CVE-2023-5363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.\r\n\r\nImpact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.\r\n\r\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\r\n\r\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST\u0027s SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.\r\n\r\nBoth truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.\r\n\r\nChanging the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.\r\n\r\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-5363" }, { "cve": "CVE-2023-5678", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-5678" }, { "cve": "CVE-2023-29409", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-29409" }, { "cve": "CVE-2023-33953", "cwe": { "id": "CWE-834", "name": "Excessive Iteration" }, "notes": [ { "category": "summary", "text": "PC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with a parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse. - gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026\r\n- Unbounded memory buffering in the HPACK parser\r\n- Unbounded CPU consumption in the HPACK parser\r\n\r\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an parsing loop, with n selected by the client.\r\n\r\nThe unbounded memory buffering bugs:\r\n\r\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\r\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\r\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-33953" }, { "cve": "CVE-2023-38039", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-38039" }, { "cve": "CVE-2023-38545", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.\r\n\r\nWhen curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.\r\n\r\nIf the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means \"let the host resolve the name\" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-38545" }, { "cve": "CVE-2023-38546", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "notes": [ { "category": "summary", "text": "This flaw allows an attacker to insert cookies at will into a running program\r\nusing libcurl, if the specific series of conditions are met.\r\n\r\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\r\nthat are the individual handles for single transfers.\r\n\r\nlibcurl provides a function call that duplicates en easy handle called\r\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\r\n\r\nIf a transfer has cookies enabled when the handle is duplicated, the\r\ncookie-enable state is also cloned - but without cloning the actual\r\ncookies. If the source handle did not read any cookies from a specific file on\r\ndisk, the cloned version of the handle would instead store the file name as\r\n`none` (using the four ASCII letters, no quotes).\r\n\r\nSubsequent use of the cloned handle that does not explicitly set a source to\r\nload cookies from would then inadvertently load cookies from a file named\r\n`none` - if such a file exists and is readable in the current directory of the\r\nprogram using libcurl. And if using the correct file format of course.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-38546" }, { "cve": "CVE-2023-46218", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-46218" }, { "cve": "CVE-2023-46219", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "summary", "text": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2023-46219" }, { "cve": "CVE-2024-30206", "cwe": { "id": "CWE-494", "name": "Download of Code Without Integrity Check" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. \r\nA successful exploit requires the attacker to be able to modify the communication between server and client on the network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-30206" }, { "cve": "CVE-2024-30207", "cwe": { "id": "CWE-321", "name": "Use of Hard-coded Cryptographic Key" }, "notes": [ { "category": "summary", "text": "The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system.\r\nA successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 10.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-30207" }, { "cve": "CVE-2024-30208", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "summary", "text": "The \"DBTest\" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-30208" }, { "cve": "CVE-2024-30209", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "notes": [ { "category": "summary", "text": "Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-30209" }, { "cve": "CVE-2024-33494", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "notes": [ { "category": "summary", "text": "Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33494" }, { "cve": "CVE-2024-33495", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33495" }, { "cve": "CVE-2024-33496", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33496" }, { "cve": "CVE-2024-33497", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "summary", "text": "Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33497" }, { "cve": "CVE-2024-33498", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33498" }, { "cve": "CVE-2024-33499", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "summary", "text": "The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33499" }, { "cve": "CVE-2024-33583", "cwe": { "id": "CWE-912", "name": "Hidden Functionality" }, "notes": [ { "category": "summary", "text": "Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, "remediations": [ { "category": "mitigation", "details": "Install required RTLS Locating Manager components on a single host computer where possible and ensure only trusted persons have access to the system", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Secure the Windows Server, where the RTLS Locating Manager is installed on, with a firewall and make sure no ports are accessible from untrusted networks", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Apply security hardening of the Windows Server, where the RTLS Locating Manager is installed on, in accordance with your corporate security policies or up-to-date hardening guidelines", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V3.0.1.1 or later version\nThe update is available from Siemens Online Software Delivery (OSD).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007" ] } ], "title": "CVE-2024-33583" } ] }
ghsa-496j-2rq6-j6cc
Vulnerability from github
Published
2023-08-09 15:30
Modified
2024-07-30 21:37
Severity ?
Summary
Excessive Iteration in gRPC
Details
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "grpcio" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.53.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "grpcio" }, "ranges": [ { "events": [ { "introduced": "1.54.0" }, { "fixed": "1.54.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "grpcio" }, "ranges": [ { "events": [ { "introduced": "1.55.0" }, { "fixed": "1.55.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "grpcio" }, "ranges": [ { "events": [ { "introduced": "1.56.0" }, { "fixed": "1.56.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "grpc" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.53.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "grpc" }, "ranges": [ { "events": [ { "introduced": "1.54.0" }, { "fixed": "1.54.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "grpc" }, "ranges": [ { "events": [ { "introduced": "1.55.0" }, { "fixed": "1.55.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "grpc" }, "ranges": [ { "events": [ { "introduced": "1.56.0" }, { "fixed": "1.56.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-33953" ], "database_specific": { "cwe_ids": [ "CWE-770", "CWE-789" ], "github_reviewed": true, "github_reviewed_at": "2024-07-30T10:26:43Z", "nvd_published_at": "2023-08-09T13:15:09Z", "severity": "HIGH" }, "details": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026", "id": "GHSA-496j-2rq6-j6cc", "modified": "2024-07-30T21:37:50Z", "published": "2023-08-09T15:30:15Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33953" }, { "type": "WEB", "url": "https://cloud.google.com/support/bulletins#gcp-2023-022" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-496j-2rq6-j6cc" }, { "type": "WEB", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml" }, { "type": "WEB", "url": "https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Excessive Iteration in gRPC" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.