OTPulse

Siemens SINEMA Remote Connect Client

Plan Patch · 7.6 · ICS-CERT ICSA-24-074-04 · Mar 12, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

SINEMA Remote Connect Client versions before 3.1 SP1 contain an information disclosure vulnerability (CWE-538) that allows users with valid credentials to access sensitive data in log files, including VPN credentials and configuration information. The vulnerability requires valid user credentials and user interaction to exploit, but poses a risk if credentials are compromised or if users inadvertently expose the logs.

What this means
What could happen
An attacker with login access to the SINEMA Remote Connect Client could read sensitive information stored in log files, including configuration data and potentially VPN credentials. This could expose details about your remote access infrastructure and enable lateral movement into your network.
Who's at risk
Organizations using Siemens SINEMA Remote Connect Client for remote VPN access to industrial networks should be aware of this issue. This affects system administrators and remote workers who use SINEMA for secure remote connections to Siemens-based control systems and engineering workstations.
How it could be exploited
An attacker with valid credentials for SINEMA Remote Connect Client (or who intercepts weak credentials) can access the application and read unencrypted or insufficiently protected log files that contain sensitive data. The log files are stored locally on the system where the client is installed.
Prerequisites
  • Valid user credentials for SINEMA Remote Connect Client
  • Access to the system where the client is installed or its file system
  • User interaction (UI:R indicates user action required, likely opening/viewing logs)
Information disclosure · Sensitive data exposure (credentials and configuration) · Requires valid credentials · Low exploitation complexity
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEMA Remote Connect Client | <V3.1 SP1 | 3.1 SP1
Remediation & Mitigation
Do now
WORKAROUND: After patching, back up and clear all log files from the client installation
HARDENING: Change all VPN credentials used by SINEMA Remote Connect Client accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINEMA Remote Connect Client to version 3.1 SP1 or later
Long-term hardening
HARDENING: Restrict network access to SINEMA Remote Connect Client systems using firewalls and access controls
HARDENING: Implement defense-in-depth controls and follow Siemens operational security guidelines for your industrial environment
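
The "back up and clear all log files" workaround above, sketched as an added example (not code from Siemens or from this advisory): it archives the logs, verifies the archive against the originals, and only then empties them. The log directory and the `*.log` pattern are assumptions, since the advisory does not name the client's log location; run it with the client closed.

```python
import hashlib
import os
import zipfile
from datetime import datetime, timezone
from pathlib import Path


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_and_clear_logs(log_dir, archive_dir, pattern="*.log"):
    """Back up every matching log into one zip, verify it, then empty the originals.

    log_dir and pattern are assumptions: the advisory does not name the
    client's log location, so pass the path used by your installation.
    Returns {relative file name: sha256 of the archived content}.
    """
    log_dir, archive_dir = Path(log_dir), Path(archive_dir)
    files = sorted(p for p in log_dir.rglob(pattern) if p.is_file())
    if not files:
        return {}
    archive_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = archive_dir / f"client-logs-{stamp}.zip"

    manifest = {}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in files:
            data = path.read_bytes()
            name = path.relative_to(log_dir).as_posix()
            zf.writestr(name, data)
            manifest[name] = _sha256(data)
    # The archive still holds the sensitive entries: owner-only access.
    os.chmod(archive, 0o600)

    # Verify the backup before touching any original.
    with zipfile.ZipFile(archive) as zf:
        for name, digest in manifest.items():
            if _sha256(zf.read(name)) != digest:
                raise RuntimeError(f"backup verification failed for {name}")

    # Truncate in place so each file and its permissions stay where the client expects them.
    for path in files:
        with open(path, "r+b") as fh:
            fh.truncate(0)
    return manifest
```

On Windows, `os.chmod` only toggles the read-only flag, so restrict the archive folder's ACL separately. The archive contains the same credentials the logs did and needs the same protection until the VPN credentials have been changed.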