Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products
Act Now | 9.8 | SSA-685781 | Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple critical vulnerabilities exist in the Apache HTTP Server used by Siemens network management products. The vulnerabilities include NULL pointer dereferencing (CWE-476), out-of-bounds write (CWE-787), and server-side request forgery (CWE-918). These flaws allow remote attackers to crash services, execute code, or bypass security controls without authentication. Siemens has released patches for SINEC NMS and SINEMA Remote Connect Server, but RUGGEDCOM NMS and SINEMA Server V14 will not receive patches.
What this means
What could happen
An attacker could crash network management servers, bypass security controls, or execute unauthorized commands on RUGGEDCOM and SINEMA servers without any authentication. This could disrupt remote management capabilities, compromise firmware integrity, or allow lateral movement into your industrial network.
Who's at risk
These vulnerabilities affect Siemens network management and remote access products used by water authorities, electric utilities, and other critical infrastructure operators. Specifically, RUGGEDCOM NMS (used for industrial network management), SINEC NMS (network management), SINEMA Remote Connect Server (remote access for field technicians), and SINEMA Server V14 (centralized management) are at risk.
How it could be exploited
An attacker on the network sends a malicious HTTP request to the Apache server running on the affected device. The request triggers a NULL pointer dereference, buffer overflow, or SSRF condition, allowing code execution or denial of service. No credentials or special device configuration are required.
Prerequisites
- Network access to the HTTP/HTTPS port on the affected server (typically 80/443)
- No authentication required
remotely exploitable; no authentication required; low complexity; actively exploited (KEV); high EPSS score (94.4%); no patch available for RUGGEDCOM NMS and SINEMA Server V14; affects network management and remote access infrastructure
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
2 with fix, 2 EOL
Product | Affected Versions | Fix Status
SINEC NMS | < V1.0.3 | 1.0.3
SINEMA Remote Connect Server | < V3.1 | 3.1
SINEMA Server V14 | All versions | No fix (EOL)
RUGGEDCOM NMS | All versions when using the device firmware upgrade mechanism | No fix (EOL)
Remediation & Mitigation
Do now
SINEC NMS
HOTFIX: Update SINEC NMS to version 1.0.3 or later
SINEMA Remote Connect Server
HOTFIX: Update SINEMA Remote Connect Server to version 3.1 or later
SINEMA Server V14
HARDENING: For RUGGEDCOM NMS and SINEMA Server V14 (no patches available): Implement network segmentation to restrict HTTP/HTTPS access to management servers. Only allow connections from authorized engineering workstations on a separate management VLAN
All products
HARDENING: Disable direct internet exposure of affected management servers. Place them behind a firewall with restrictive inbound rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor network traffic to management servers for suspicious HTTP requests and implement intrusion detection signatures
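One way to verify the segmentation and monitoring steps above against real traffic, as an added example that is not part of the Siemens advisory: the script reads web server access logs in Apache Common Log Format and counts requests from clients outside the management VLAN. The subnet, the sample log lines and the function name audit are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: constructed placeholder for the site's management VLAN.
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/24")]

# Common Log Format prefix: client identd user [time] "request" status size
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def audit(lines, allowed=ALLOWED_NETS):
    """Count requests per client outside the allowed networks.

    Returns (violations, unparsed). Lines that do not parse, including
    requests containing escaped quotes, are returned for manual review
    rather than silently dropped.
    """
    violations, unparsed = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed.append(line)
            continue
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:  # hostname logged instead of an address
            unparsed.append(line)
            continue
        if not any(client in net for net in allowed):
            violations[str(client)] += 1
    return violations, unparsed

# Constructed sample lines, not taken from the advisory or a real system.
SAMPLE = [
    '10.20.30.15 - - [14/Jun/2022:08:01:12 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jun/2022:08:02:40 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jun/2022:08:02:41 +0000] "POST /login HTTP/1.1" 401 128',
    '10.20.31.9 - - [14/Jun/2022:08:05:03 +0000] "GET / HTTP/1.1" 200 512',
    'truncated entry without the expected fields',
]

if __name__ == "__main__":
    hits, review = audit(SAMPLE)
    for client, count in hits.most_common():
        print(f"outside management VLAN: {client} ({count} requests)")
    print(f"{len(review)} line(s) need manual review")
```

Any client the script reports reached the HTTP/HTTPS port from outside the allowed range, which means the firewall or VLAN rule is not enforcing the restriction as intended.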