OTPulse

Third-Party Component Vulnerabilities in SINEC NMS before V1.0.3.1

Act Now | CVSS 9.8 | SSA-892048 | May 9, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in third-party components libexpat and libcurl bundled with SINEC NMS before V1.0.3.1 could allow an attacker to impact confidentiality, integrity, and availability of the application. The vulnerabilities include issues with memory handling (CWE-121, CWE-416, CWE-415), component configuration (CWE-440, CWE-1286), and insecure communication (CWE-319).

What this means
What could happen
An attacker could remotely execute code on the SINEC NMS server, read sensitive network and device configuration data, modify device settings, or crash the management system, disrupting visibility and control of critical Siemens network infrastructure.
Who's at risk
Operators of Siemens SINEC NMS (network management system for industrial networks) should prioritize this update. This affects any organization using SINEC NMS to manage and monitor Siemens SCADA, PLC, and industrial network devices in water utilities, electric utilities, manufacturing, and critical infrastructure.
How it could be exploited
An attacker with network access to the SINEC NMS application port could send a malicious XML payload (via libexpat) or crafted HTTP request (via libcurl) to trigger memory corruption or other flaws. No authentication or user interaction is required. Successful exploitation results in remote code execution on the NMS server with the privileges of the application process.
Prerequisites
  • Network access to SINEC NMS application port
  • SINEC NMS version before V1.0.3.1
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), affects network management/visibility system
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (1)
Product | Affected Versions | Fix Status
SINEC NMS | < V1.0.3.1 | 1.0.3.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SINEC NMS to version 1.0.3.1 or later