CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products.

Released on December 12, 2024, these advisories expose multiple flaws in Siemens’ hardware and software platforms critical to industrial control systems (ICS).

These vulnerabilities, if exploited, could lead to unauthorized access, code execution, denial-of-service, and other severe risks, making it imperative for organizations to strengthen their cybersecurity posture.

Below is a comprehensive summary of the advisories and associated Common Vulnerabilities and Exposures (CVEs), complete with links to additional information for each vulnerability.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

ICSA-24-347-01: Siemens CPCI85 Central Processing/Communication

CVE-2024-53832: Insufficiently Protected Credentials

The vulnerability affects Siemens CPCI85 products due to an unencrypted SPI bus connection. Attackers with physical access could observe authentication passwords and decrypt firmware files. While this vulnerability poses a moderate risk, it could compromise operational integrity in industrial environments.

ICSA-24-347-02: Siemens Engineering Platforms

CVE-2024-52051: Improper Input Validation

This vulnerability stems from improper input validation, allowing attackers to execute arbitrary commands locally. An exploit could disrupt engineering operations by manipulating user-controllable input.

ICSA-24-347-03: Siemens RUGGEDCOM ROX II

CVE-2020-28398: Cross-Site Request Forgery (CSRF)

The CSRF vulnerability affects the CLI web interface, enabling attackers to modify device configurations by tricking authenticated users into clicking malicious links. Exploitation could lead to unauthorized administrative actions.

ICSA-24-347-04: Siemens Parasolid

CVE-2024-54091: Out-of-Bounds Write

Siemens Parasolid is vulnerable to an out-of-bounds write flaw that occurs during the parsing of specially crafted PAR files. This issue could allow attackers to execute arbitrary code within the current process.

ICSA-24-347-05: Siemens Engineering Platforms

CVE-2024-49849: Deserialization of Untrusted Data

Untrusted data deserialization flaws in Siemens Engineering Platforms could lead to type confusion and arbitrary code execution. Exploitation might occur during the parsing of user-controlled log files.

ICSA-24-347-06: Siemens Simcenter Femap

CVE-2024-41981: Heap-Based Buffer Overflow

This vulnerability affects Simcenter Femap during the parsing of specially crafted BDF files, enabling attackers to cause memory corruption and execute arbitrary code.

CVE-2024-47046: Improper Restriction of Operations

Improper memory restrictions could allow attackers to execute malicious code. Exploitation arises from parsing specially crafted input.

ICSA-24-347-07: Siemens Solid Edge SE2024

CVE-2024-54093: Heap-Based Buffer Overflow

This vulnerability can be triggered while parsing specially crafted ASM files, leading to arbitrary code execution.

CVE-2024-54095: Integer Underflow

The integer underflow flaw could allow attackers to execute malicious code during the parsing of PAR files, compromising the operational integrity of industrial applications.

ICSA-24-347-08: Siemens COMOS

CVE-2024-49704: XML External Entity Reference

When parsing XML input, Siemens COMOS components are vulnerable to attacks that allow arbitrary file extraction. This flaw could enable attackers to access confidential system files.

CVE-2024-54005: XML External Entity Reference

By injecting malicious XML data, attackers can exploit communication channels between systems, leading to data leakage.

ICSA-24-347-09: Siemens Teamcenter Visualization

CVE-2024-45463: Out-of-Bounds Read

A flaw in the WRL file parsing mechanism allows attackers to read beyond allocated memory, potentially executing malicious code.

CVE-2024-52565: Out-of-Bounds Write

The vulnerability allows attackers to write beyond allocated memory during WRL file parsing, leading to code execution risks.

CVE-2024-53041: Stack-Based Buffer Overflow

This vulnerability involves stack memory overflow, which attackers could exploit to execute arbitrary code in the system.

ICSA-24-347-10: Siemens SENTRON Powercenter 1000

CVE-2024-6657: Incorrect Synchronization

A denial-of-service condition can occur during BLE pairing due to an incorrect synchronization flaw. This vulnerability is exploitable within a three-minute window after device restarts, potentially disrupting operations.

The vulnerabilities reported in CISA’s advisories underscore the critical nature of securing industrial systems. Siemens has released patches and mitigation recommendations for all affected products.

Organizations using Siemens industrial solutions are urged to promptly apply updates, enforce strict access controls, and monitor their systems for any signs of exploitation.

Collaboration between vendors, regulatory agencies, and end-users is vital to safeguarding ICS environments from these growing cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free