The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products.
Released on December 12, 2024, these advisories expose multiple flaws in Siemens’ hardware and software platforms critical to industrial control systems (ICS).
These vulnerabilities, if exploited, could lead to unauthorized access, code execution, denial-of-service, and other severe risks, making it imperative for organizations to strengthen their cybersecurity posture.
Below is a comprehensive summary of the advisories and associated Common Vulnerabilities and Exposures (CVEs), complete with links to additional information for each vulnerability.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
ICSA-24-347-01: Siemens CPCI85 Central Processing/Communication
CVE-2024-53832: Insufficiently Protected Credentials
The vulnerability affects Siemens CPCI85 products due to an unencrypted SPI bus connection. Attackers with physical access could observe authentication passwords and decrypt firmware files. While this vulnerability poses a moderate risk, it could compromise operational integrity in industrial environments.
ICSA-24-347-02: Siemens Engineering Platforms
CVE-2024-52051: Improper Input Validation
This vulnerability stems from improper input validation, allowing attackers to execute arbitrary commands locally. An exploit could disrupt engineering operations by manipulating user-controllable input.
ICSA-24-347-03: Siemens RUGGEDCOM ROX II
CVE-2020-28398: Cross-Site Request Forgery (CSRF)
The CSRF vulnerability affects the CLI web interface, enabling attackers to modify device configurations by tricking authenticated users into clicking malicious links. Exploitation could lead to unauthorized administrative actions.
ICSA-24-347-04: Siemens Parasolid
CVE-2024-54091: Out-of-Bounds Write
Siemens Parasolid is vulnerable to an out-of-bounds write flaw that occurs during the parsing of specially crafted PAR files. This issue could allow attackers to execute arbitrary code within the current process.
ICSA-24-347-05: Siemens Engineering Platforms
CVE-2024-49849: Deserialization of Untrusted Data
Untrusted data deserialization flaws in Siemens Engineering Platforms could lead to type confusion and arbitrary code execution. Exploitation might occur during the parsing of user-controlled log files.
ICSA-24-347-06: Siemens Simcenter Femap
CVE-2024-41981: Heap-Based Buffer Overflow
This vulnerability affects Simcenter Femap during the parsing of specially crafted BDF files, enabling attackers to cause memory corruption and execute arbitrary code.
CVE-2024-47046: Improper Restriction of Operations
Improper memory restrictions could allow attackers to execute malicious code. Exploitation arises from parsing specially crafted input.
ICSA-24-347-07: Siemens Solid Edge SE2024
CVE-2024-54093: Heap-Based Buffer Overflow
This vulnerability can be triggered while parsing specially crafted ASM files, leading to arbitrary code execution.
CVE-2024-54095: Integer Underflow
The integer underflow flaw could allow attackers to execute malicious code during the parsing of PAR files, compromising the operational integrity of industrial applications.
ICSA-24-347-08: Siemens COMOS
CVE-2024-49704: XML External Entity Reference
When parsing XML input, Siemens COMOS components are vulnerable to attacks that allow arbitrary file extraction. This flaw could enable attackers to access confidential system files.
CVE-2024-54005: XML External Entity Reference
By injecting malicious XML data, attackers can exploit communication channels between systems, leading to data leakage.
ICSA-24-347-09: Siemens Teamcenter Visualization
CVE-2024-45463: Out-of-Bounds Read
A flaw in the WRL file parsing mechanism allows attackers to read beyond allocated memory, potentially executing malicious code.
CVE-2024-52565: Out-of-Bounds Write
The vulnerability allows attackers to write beyond allocated memory during WRL file parsing, leading to code execution risks.
CVE-2024-53041: Stack-Based Buffer Overflow
This vulnerability involves stack memory overflow, which attackers could exploit to execute arbitrary code in the system.
ICSA-24-347-10: Siemens SENTRON Powercenter 1000
CVE-2024-6657: Incorrect Synchronization
A denial-of-service condition can occur during BLE pairing due to an incorrect synchronization flaw. This vulnerability is exploitable within a three-minute window after device restarts, potentially disrupting operations.
The vulnerabilities reported in CISA’s advisories underscore the critical nature of securing industrial systems. Siemens has released patches and mitigation recommendations for all affected products.
Organizations using Siemens industrial solutions are urged to promptly apply updates, enforce strict access controls, and monitor their systems for any signs of exploitation.
Collaboration between vendors, regulatory agencies, and end-users is vital to safeguarding ICS environments from these growing cyber threats.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
 has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products.){kind=link}