OTPulse

Siemens OpenSSL Affecting Industrial Products

Act Now | CVSS 9.8 | ICS-CERT ICSA-22-167-17 | Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINEMA Remote Connect Server contains multiple critical vulnerabilities including command injection in file upload (CVE-2022-32262), authentication bypass and privilege escalation flaws (CVE-2022-32251 through -32261), cross-site scripting (CVE-2022-29034), and multiple library vulnerabilities in curl and libexpat. These flaws affect versions prior to 3.1 and could allow remote attackers to execute commands, bypass access controls, crash the server, or inject malicious content. Siemens has released version 3.1 with fixes for all identified issues.

What this means
What could happen
An attacker could inject commands into file uploads, bypass authentication, escalate privileges, inject malicious scripts into web pages served to users, or crash the server by exploiting XML parsing flaws. This could allow unauthorized remote access to the SINEMA Remote Connect Server and control over connected industrial devices and networks.
Who's at risk
Siemens SINEMA Remote Connect Server administrators and organizations that use this product for remote access management of industrial devices. This primarily affects manufacturing facilities, utilities, and any industrial site that uses Siemens remote connectivity solutions. The server acts as a gateway to critical control systems, making compromise a serious risk.
How it could be exploited
An attacker with network access to the SINEMA Remote Connect Server can exploit command injection in the file upload service to run arbitrary commands with server privileges. Alternatively, they can bypass authentication mechanisms or escalate from a low-privilege user account to gain full server control. Cross-site scripting can be used to steal credentials from users interacting with the web interface.
Prerequisites
  • Network access to the SINEMA Remote Connect Server web interface (typically port 443)
  • For some vulnerabilities, ability to upload files to the server
  • For privilege escalation paths, a valid unprivileged user account on the server

remotely exploitable; no authentication required (for some vulnerabilities); low complexity; high EPSS score (13.3%); affects remote access to critical systems; multiple vulnerability types including code execution
Exploitability
High exploit probability (EPSS 13.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEMA Remote Connect Server | <V3.1 | 3.1
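
An added example (not from Siemens or this advisory): a small inventory triage that flags SINEMA Remote Connect Server entries below the fixed version 3.1. The CSV layout, hostnames and version strings are constructed assumptions; entries with no parseable version are reported as unknown so they get checked by hand.

```python
import csv
import io
import re

FIXED = (3, 1)  # first fixed release named in the advisory: 3.1
PRODUCT = "sinema remote connect server"

# Constructed sample inventory (hostnames and versions are made up;
# "V3.10" is there only to exercise two-digit minor parsing).
SAMPLE_INVENTORY = """host,product,version
rc-plant-a,SINEMA Remote Connect Server,V3.0 SP2
rc-plant-b,SINEMA Remote Connect Server,3.1
rc-dmz-01,SINEMA Remote Connect Server,V2.1
rc-lab,SINEMA Remote Connect Server,V3.10
rc-old,sinema remote connect server,
hmi-07,Some Other Product,V1.0
"""


def parse_version(text):
    """Return (major, minor) from strings like 'V3.0 SP2' or '3.1', else None."""
    m = re.match(r"\s*[Vv]?(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory_csv):
    """Classify each SINEMA RC Server row as 'affected', 'fixed' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != PRODUCT:
            continue  # other products are out of scope for this advisory
        version = parse_version(row["version"])
        if version is None:
            results[row["host"]] = "unknown"   # needs a manual check
        elif version < FIXED:                  # numeric tuple compare, not string
            results[row["host"]] = "affected"
        else:
            results[row["host"]] = "fixed"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```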
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the SINEMA Remote Connect Server to authorized management networks only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINEMA Remote Connect Server to version 3.1 or later
Long-term hardening
HARDENING: Isolate the SINEMA Remote Connect Server behind a firewall and separate from internet-facing business networks
HARDENING: Use a VPN for any required remote access to the SINEMA Remote Connect Server, keeping VPN software updated
Siemens OpenSSL Affecting Industrial Products | CVSS 9.8 - OTPulse