cve-2019-19135
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:39.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://opcfoundation.org/security-bulletins/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T15:47:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://opcfoundation.org/security-bulletins/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle 
attackers to reuse encrypted user credentials sent over the network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://opcfoundation.org/security-bulletins/", refsource: "MISC", url: "https://opcfoundation.org/security-bulletins/", }, { name: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", refsource: "CONFIRM", url: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19135", datePublished: "2020-03-16T15:47:24", dateReserved: "2019-11-20T00:00:00", dateUpdated: "2024-08-05T02:09:39.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opcfoundation:netstandard.opc.ua:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.359.31\", \"matchCriteriaId\": \"2A04217C-169F-4EAD-B5E9-00BDBC3CB902\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opcfoundation:ua-.netstandard:1.4.357.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A096F383-A1CE-4395-BC11-E9F2E706F4EA\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.\"}, {\"lang\": \"es\", \"value\": \"En las bases del c\\u00f3digo OPC Foundation OPC UA .NET Standard versiones 1.4.357.28, los servidores no crean suficientemente n\\u00fameros aleatorios en OPCFoundation.NetStandard.Opc.Ua versiones anteriores a 
1.4.359.31, lo que permite a atacantes de tipo man in the middle reutilizar las credenciales de usuario cifradas enviadas a trav\\u00e9s de la red.\"}]", id: "CVE-2019-19135", lastModified: "2024-11-21T04:34:14.993", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2020-03-16T16:15:11.937", references: "[{\"url\": \"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://opcfoundation.org/security-bulletins/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": 
\"https://opcfoundation.org/security-bulletins/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-330\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2019-19135\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-16T16:15:11.937\",\"lastModified\":\"2024-11-21T04:34:14.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.\"},{\"lang\":\"es\",\"value\":\"En las bases del código OPC Foundation OPC UA .NET Standard versiones 1.4.357.28, los servidores no crean suficientemente números aleatorios en OPCFoundation.NetStandard.Opc.Ua versiones anteriores a 1.4.359.31, lo que permite a atacantes de tipo man in the middle reutilizar las credenciales de usuario cifradas enviadas a través de la 
red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opcfoundation:netstandard.opc.ua:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.359.31\",\"matchCriteriaId\":\"2A04217C-169F-4EAD-B5E9-00BDBC3CB902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opcfoundation:ua-.netstandard:1.4.357.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A096F383-A1CE-4395-BC11-E9F2E706F4EA\"}]}]}],\"references\":[{\"url\":\"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://opcfoundation.org/security-bulletins/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://opcfoundation.org/security-bulletins/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
ssa-108696
Vulnerability from csaf_siemens
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited. (TLPv2: TLP:CLEAR)", tlp: { label: "WHITE", }, }, lang: "en", notes: [ { category: "summary", text: "SIDIS Prime before V4.0.400 is affected by multiple vulnerabilities in the components OPC UA and OpenSSL, that could allow an unauthenticated attacker with access to the network where SIDIS Prime is installed to reuse OPC UA client credentials, create a denial of service condition of the SIDIS Prime OPC UA client, or create a denial of service condition of the SIDIS Prime TLS service.\n\nSiemens has released a new version of SIDIS Prime and recommends to update to the latest version.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). 
To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "productcert@siemens.com", name: "Siemens ProductCERT", namespace: "https://www.siemens.com", }, references: [ { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-108696.html", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-108696.json", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-108696.pdf", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-108696.txt", }, ], title: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400", tracking: { current_release_date: "2024-02-13T00:00:00Z", generator: { engine: { name: "Siemens ProductCERT CSAF Generator", version: "1", }, }, id: "SSA-108696", initial_release_date: "2024-02-13T00:00:00Z", revision_history: [ { date: "2024-02-13T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, ], status: "interim", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V4.0.400", product: { name: "SIDIS Prime", product_id: "1", }, }, ], category: "product_name", name: 
"SIDIS Prime", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2019-19135", cwe: { id: "CWE-330", name: "Use of Insufficiently Random Values", }, notes: [ { category: "summary", text: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "mitigation", details: "CVE-2019-19135: Enable encrypted communication between the affected product (OPC UA client) and the OPC UA server(s)", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2019-19135", }, { cve: "CVE-2020-1967", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. 
This could be exploited by a malicious peer in a Denial of Service attack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2020-1967", }, { cve: "CVE-2020-1971", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. 
OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2020-1971", }, { cve: "CVE-2022-0778", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "The BN_mod_sqrt() function in openSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. 
The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-0778", }, { cve: "CVE-2022-29862", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-29862", }, ], }
icsa-24-046-02
Vulnerability from csaf_cisa
Notes
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "SIDIS Prime before V4.0.400 is affected by multiple vulnerabilities in the components OPC UA and OpenSSL, that could allow an unauthenticated attacker with access to the network where SIDIS Prime is installed to reuse OPC UA client credentials, create a denial of service condition of the SIDIS Prime OPC UA client, or create a denial of service condition of the SIDIS Prime TLS service.\n\nSiemens has released a new version of SIDIS Prime and recommends to update to the latest version.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). 
To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is 
required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-108696.json", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - HTML Version", url: 
"https://cert-portal.siemens.com/productcert/html/ssa-108696.html", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-108696.pdf", }, { category: "self", summary: "SSA-108696: Multiple Vulnerabilities in SIDIS Prime before V4.0.400 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-108696.txt", }, { category: "self", summary: "ICS Advisory ICSA-24-046-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-046-02.json", }, { category: "self", summary: "ICS Advisory ICSA-24-046-02 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SIDIS Prime", tracking: { current_release_date: "2024-02-13T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1", }, }, id: "ICSA-24-046-02", initial_release_date: "2024-02-13T00:00:00.000000Z", revision_history: [ { date: "2024-02-13T00:00:00.000000Z", legacy_version: "1.0", number: "1", 
summary: "Publication Date", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V4.0.400", product: { name: "SIDIS Prime", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SIDIS Prime", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2019-19135", cwe: { id: "CWE-330", name: "Use of Insufficiently Random Values", }, notes: [ { category: "summary", text: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "mitigation", details: "CVE-2019-19135: Enable encrypted communication between the affected product (OPC UA client) and the OPC UA server(s)", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2019-19135", }, { cve: "CVE-2020-1967", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. 
This could be exploited by a malicious peer in a Denial of Service attack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2020-1967", }, { cve: "CVE-2020-1971", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. 
OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2020-1971", }, { cve: "CVE-2022-0778", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "The BN_mod_sqrt() function in openSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. 
The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-0778", }, { cve: "CVE-2022-29862", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V4.0.400 or later version", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-29862", }, ], }
gsd-2019-19135
Vulnerability from gsd
{ GSD: { alias: "CVE-2019-19135", description: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", id: "GSD-2019-19135", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-19135", ], details: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", id: "GSD-2019-19135", modified: "2023-12-13T01:23:53.792388Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://opcfoundation.org/security-bulletins/", refsource: "MISC", url: "https://opcfoundation.org/security-bulletins/", }, { name: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", refsource: "CONFIRM", url: 
"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,0.3.4]", affected_versions: "All versions up to 0.3.4", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:N", cvss_v3: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", cwe_ids: [ "CWE-1035", "CWE-330", "CWE-937", ], date: "2021-07-28", description: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", fixed_versions: [ "0.3.6", ], identifier: "CVE-2019-19135", identifiers: [ "GHSA-pq4w-qm9g-qx68", "CVE-2019-19135", ], not_impacted: "All versions after 0.3.4", package_slug: "maven/org.eclipse.milo/sdk-client", pubdate: "2020-03-16", solution: "Upgrade to version 0.3.6 or above.", title: "Use of Insufficiently Random Values", urls: [ "https://github.com/eclipse/milo/security/advisories/GHSA-pq4w-qm9g-qx68", "https://github.com/eclipse/milo/commit/cac0e710bf2b8bed9c602fc597e9de1d8903abed", "https://nvd.nist.gov/vuln/detail/CVE-2019-19135", "https://github.com/advisories/GHSA-pq4w-qm9g-qx68", ], uuid: "0b03d2fb-6b1d-4c1a-819a-bc7c53234c2d", }, { affected_range: "[1.4.357.28,1.4.359.31)", affected_versions: "All versions starting from 1.4.357.28 before 1.4.359.31", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:N", cvss_v3: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", cwe_ids: [ "CWE-1035", "CWE-330", "CWE-937", ], date: "2021-07-21", description: "In OPC Foundation OPC UA .NET Standard codebase, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", fixed_versions: [], identifier: "CVE-2019-19135", identifiers: [ "CVE-2019-19135", ], not_impacted: "", package_slug: 
"nuget/OPCFoundation.NetStandard.Opc.Ua", pubdate: "2020-03-16", solution: "Unfortunately, there is no solution available yet.", title: "Use of Insufficiently Random Values", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2019-19135", "https://opcfoundation.org/security-bulletins/", "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", ], uuid: "18a80717-1ede-4025-ba34-fd70ad97e5e0", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:opcfoundation:netstandard.opc.ua:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.4.359.31", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:opcfoundation:ua-.netstandard:1.4.357.28:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19135", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-330", }, ], }, ], }, references: { reference_data: [ { name: "https://opcfoundation.org/security-bulletins/", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://opcfoundation.org/security-bulletins/", }, { name: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: 
"NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, }, }, lastModifiedDate: "2021-07-21T11:39Z", publishedDate: "2020-03-16T16:15Z", }, }, }
ghsa-pq4w-qm9g-qx68
Vulnerability from github
Impact
Credential replay affecting those connected to a server when all 3 of the following conditions are met:
- `SecurityPolicy` is `None`
- using username/password or X509-based authentication
- the server has a defect causing it to send null/empty or zeroed nonces
Patches
The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`.
Workarounds
Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`.
References
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf
For more information
If you have any questions or comments about this advisory:
- Open an issue at https://github.com/eclipse/milo/issues
- Email the mailing list
{ affected: [ { database_specific: { last_known_affected_version_range: "<= 0.3.4", }, package: { ecosystem: "Maven", name: "org.eclipse.milo:sdk-client", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "0.3.6", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2019-19135", ], database_specific: { cwe_ids: [ "CWE-330", "CWE-522", ], github_reviewed: true, github_reviewed_at: "2020-03-16T20:59:53Z", nvd_published_at: "2020-03-16T16:15:00Z", severity: "HIGH", }, details: "### Impact\nCredential replay affecting those connected to a server when *all 3* of the following conditions are met:\n- `SecurityPolicy` is `None`\n- using username/password or X509-based authentication\n- the server has a defect causing it to send null/empty or zeroed nonces \n\n### Patches\nThe problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`.\n\n### Workarounds\nDo not use username/password or X509-based authentication with `SecurityPolicy` of `None`.\n\n### References\nhttps://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues)\n* Email [the mailing list](mailto:milo-dev@eclipse.org)", id: "GHSA-pq4w-qm9g-qx68", modified: "2021-07-28T18:54:53Z", published: "2020-03-16T22:46:50Z", references: [ { type: "WEB", url: "https://github.com/eclipse/milo/security/advisories/GHSA-pq4w-qm9g-qx68", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-19135", }, { type: "WEB", url: "https://github.com/eclipse/milo/commit/cac0e710bf2b8bed9c602fc597e9de1d8903abed", }, { type: "WEB", url: "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf", }, { type: "WEB", url: 
"https://opcfoundation.org/security-bulletins", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Insufficient Nonce Validation in Eclipse Milo Client", }