Siemens Apache HTTP Server
Act Now · 9.8 · ICS-CERT ICSA-22-167-06 · Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in Apache HTTP Server affect Siemens network management and remote access products. The issues include NULL pointer dereferencing, out-of-bounds write, and server-side request forgery (CWE-476, CWE-787, CWE-918). These allow unauthenticated remote code execution via HTTP requests to port 443/TCP. RUGGEDCOM NMS and SINEMA Server V14 have no vendor fixes available and remain vulnerable in all versions. SINEC NMS and SINEMA Remote Connect Server have been patched.
What this means
What could happen
An attacker could execute arbitrary code on the HTTP server embedded in these systems, potentially allowing them to reconfigure network management or remote access functions, disrupt monitoring, or pivot into connected OT networks.
Who's at risk
Network management and remote access administrators responsible for Siemens RUGGEDCOM NMS, SINEC NMS, SINEMA Remote Connect Server, and SINEMA Server systems. These are typically deployed in utilities and industrial facilities to manage distributed equipment and provide remote access to operators. Any site using these products for site-to-site VPN or centralized system monitoring is at risk.
How it could be exploited
An attacker sends a malicious HTTP request to port 443/TCP of an affected device without authentication. The request triggers a NULL pointer dereference, out-of-bounds write, or server-side request forgery in the Apache HTTP Server, allowing remote code execution on the device.
Prerequisites
- Network connectivity to port 443/TCP on the affected device
- Device must be running an affected version of the management or remote access product
- No credentials required
remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · high EPSS score (94.4%) · no patch available for RUGGEDCOM NMS and SINEMA Server V14
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
2 with fix · 2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SINEC NMS | <V1.0.3 | 1.0.3 |
| RUGGEDCOM NMS | All versions when using the device firmware upgrade mechanism | No fix (EOL) |
| SINEMA Remote Connect Server | <V3.1 | 3.1 |
| SINEMA Server V14 | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
SINEMA Remote Connect Server
HOTFIX: Update SINEMA Remote Connect Server to v3.1 or later
SINEC NMS
HOTFIX: Update SINEC NMS to v1.0.3 or later
RUGGEDCOM NMS
HARDENING: For RUGGEDCOM NMS and SINEMA Server V14 (no fixes available), isolate affected devices from the Internet and restrict network access to trusted engineering and management IP addresses
All products
WORKAROUND: Restrict access to port 443/TCP on affected devices to trusted IP addresses only via firewall rules
Mitigations - no patch available
The following products have reached End of Life with no planned fix: RUGGEDCOM NMS, SINEMA Server V14. Apply the following compensating controls:
HARDENING: Segment management and remote access servers from business networks and control system networks using firewalls
HARDENING: Use secure VPN tunnels for any required remote access to these systems