ssa-871717
Vulnerability from csaf_siemens
Published
2024-02-13 00:00
Modified
2024-05-14 00:00
Summary
SSA-871717: Multiple Vulnerabilities in Polarion ALM
Notes
Summary
Polarion ALM is affected by incorrect default path permissions in installation path, and improper authentication in the REST API endpoints of DOORS connector. An attacker could exploit the vulnerabilities for unauthenticated access, or privilege escalation.
Siemens has released a new version for Polarion ALM and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Polarion ALM is affected by incorrect default path permissions in installation path, and improper authentication in the REST API endpoints of DOORS connector. An attacker could exploit the vulnerabilities for unauthenticated access, or privilege escalation. \n\nSiemens has released a new version for Polarion ALM and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-871717: Multiple Vulnerabilities in Polarion ALM - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html"
},
{
"category": "self",
"summary": "SSA-871717: Multiple Vulnerabilities in Polarion ALM - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-871717.json"
},
{
"category": "self",
"summary": "SSA-871717: Multiple Vulnerabilities in Polarion ALM - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-871717.pdf"
},
{
"category": "self",
"summary": "SSA-871717: Multiple Vulnerabilities in Polarion ALM - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-871717.txt"
}
],
"title": "SSA-871717: Multiple Vulnerabilities in Polarion ALM",
"tracking": {
"current_release_date": "2024-05-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-871717",
"initial_release_date": "2024-02-13T00:00:00Z",
"revision_history": [
{
"date": "2024-02-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-03-12T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added additional mitigation measures, with detailed description in Additional Information"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for Polarion ALM"
}
],
"status": "interim",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2404.0",
"product": {
"name": "Polarion ALM",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Polarion ALM"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-50236",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In Polarion Windows installation, restrict permissions of BUILTIN\\Users from accessing the entire Polarion installation folders to prevent data corruption. Please refer to the Additional Information section for further details.",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Polarion installations in Linux are not impacted. Hence no actions are required.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2404.0 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-50236"
},
{
"cve": "CVE-2024-23813",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If DOORS connector is not used in the environment, it is advised to limit unauthenticated access within the Apache configuration. For further details, please refer to the Additional Information section.",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If DOORS connector is used in the environment, restrict access to DOORS connector endpoint to the IP address of the DOORS instance with which Polarion synchronizes its data, which can be done in two ways:\n\n- Firewall rules set by network administrator (preferred and safest method).\n- Configure Apache using guidelines https://httpd.apache.org/docs/2.4/howto/access.html\n\nFor further details, please refer to the Additional Information section.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2404.0 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-23813"
}
]
}
Loading...