Siemens INTRALOG WMS

Plan Patch8ICS-CERT ICSA-24-228-02Aug 13, 2024

Attack VectorAdjacent

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

INTRALOG WMS before V4 contains vulnerabilities in SQL Client-Server communication (CWE-319) and .NET framework (CWE-122) that could allow an unauthenticated attacker on the INTRALOG WMS network to decrypt and modify client-server communication or potentially execute arbitrary code on application servers.

What this means

What could happen

An attacker on your warehouse network could decrypt messages between the WMS client and server, alter inventory records or material routing commands, or run code that disrupts warehouse operations or causes incorrect shipments.

Who's at risk

Warehouse management operations using INTRALOG WMS (Version 3 and earlier). This affects organizations managing material handling, inventory, and shipping operations in industrial or logistics environments where Siemens INTRALOG WMS controls warehouse equipment and processes.

How it could be exploited

An attacker with network access to the INTRALOG WMS LAN could intercept unencrypted or weakly encrypted SQL traffic between client workstations and the application server, decrypt the communication, inject malicious commands, or leverage .NET framework flaws to execute arbitrary code on the server.

Prerequisites

Network access to INTRALOG WMS LAN (not remotely exploitable from internet)
Ability to observe or intercept network traffic on the local network segment

no authentication required for network-based attacklow attack complexityaffects warehouse control systemunencrypted or weak encryption of client-server communication

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (1)

ProductAffected VersionsFix Status

INTRALOG WMS<V44 or later version

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate INTRALOG WMS to version 4 or later

Long-term hardening

0/3

HARDENINGIsolate INTRALOG WMS network from business/corporate networks using firewalls and network segmentation

HARDENINGRestrict network access to INTRALOG WMS application servers and client workstations to authorized warehouse systems only

HARDENINGIf remote access to WMS is required, use a VPN with strong encryption and keep VPN software updated

CVEs (2)

CVE-2024-0056 CVE-2024-30045

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7b8d3367-01c0-472e-a196-a07adcbecec1