SSA-626968
Vulnerability from csaf_siemens - Published: 2022-05-10 00:00 - Updated: 2022-06-14 00:00Summary
SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices
Notes
Summary
Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a denial of service condition, or perform remote code execution.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"acknowledgments": [
{
"names": [
"Andrea Palanca"
],
"organization": "Nozomi Networks",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a denial of service condition, or perform remote code execution.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
},
{
"category": "self",
"summary": "SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-626968.txt"
},
{
"category": "self",
"summary": "SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-626968.json"
}
],
"title": "SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices",
"tracking": {
"current_release_date": "2022-06-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-626968",
"initial_release_date": "2022-05-10T00:00:00Z",
"revision_history": [
{
"date": "2022-05-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-06-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added steps to contact local Siemens office for obtaining update"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V01.21.142.5-22",
"product": {
"name": "Desigo DXR2",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Desigo DXR2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V01.21.142.4-18",
"product": {
"name": "Desigo PXC3",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Desigo PXC3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V02.20.142.10-10884",
"product": {
"name": "Desigo PXC4",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Desigo PXC4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V02.20.142.10-10884",
"product": {
"name": "Desigo PXC5",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Desigo PXC5"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24039",
"cwe": {
"id": "CWE-75",
"name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"
},
"notes": [
{
"category": "summary",
"text": "The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file.\n\nAn attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24039 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24039.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"3",
"4"
]
}
],
"title": "CVE-2022-24039"
},
{
"cve": "CVE-2022-24040",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account.\n\nAn attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24040 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24040.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24040"
},
{
"cve": "CVE-2022-24041",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "summary",
"text": "The web application stores the PBKDF2 derived key of users passwords with a low iteration count.\n\nAn attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24041 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24041.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24041"
},
{
"cve": "CVE-2022-24042",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "summary",
"text": "The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout.\n\nAn attacker could be able to capture this token and re-use old session credentials or session IDs for authorization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24042 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24042.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24042"
},
{
"cve": "CVE-2022-24043",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames.\n\nA remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24043 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24043.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24043"
},
{
"cve": "CVE-2022-24044",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "summary",
"text": "The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks.\n\nAn attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24044 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24044.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24044"
},
{
"cve": "CVE-2022-24045",
"cwe": {
"id": "CWE-614",
"name": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
},
"notes": [
{
"category": "summary",
"text": "The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d).\n\nAny attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"references": [
{
"summary": "CVE-2022-24045 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2022-24045.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V01.21.142.5-22 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V01.21.142.4-18 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V02.20.142.10-10884 or later version. Please contact your local Siemens office for additional support in obtaining the update.",
"product_ids": [
"3",
"4"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2022-24045"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…