SB2022031012 - Multiple vulnerabilities in Siemens RUGGEDCOM ROS

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2021-37208)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2021-42016)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the an exploitable timing discrepancy issue. A remote attacker can disclose sensitive information on the target system.

3) Improperly implemented security check for standard (CVE-ID: CVE-2021-42017)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the implementation flaws of the CBC encryption mode. A remote attacker can perform a man-in-the-middle attack and eavesdrop on encrypted communications.

4) Heap-based buffer overflow (CVE-ID: CVE-2021-42018)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote administrator can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Integer overflow (CVE-ID: CVE-2021-42019)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote administrator can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2021-42020)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to third-party component in its TFTP functionality fails to check for null terminations in file names. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf