SB2024041510 - Multiple vulnerabilities in the Siemens SIMATIC S7-1500 TM MFP

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2023-5678)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within DH_generate_key() and DH_check_pub_key() functions. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) Resource management error (CVE-ID: CVE-2023-3817)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when checking the long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2023-6121)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the NVMe-oF/TCP subsystem in the Linux kernel. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory.

4) Use-after-free (CVE-ID: CVE-2023-6817)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

5) Out-of-bounds write (CVE-ID: CVE-2023-6931)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

6) Use-after-free (CVE-ID: CVE-2023-6932)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.

7) Use-after-free (CVE-ID: CVE-2023-45898)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/ext4/extents_status.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

8) NULL pointer dereference (CVE-ID: CVE-2024-0727)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing fields in the PKCS12 certificate. A remote attacker can pass specially crafted certificate to the server and perform a denial of service (DoS) attack.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://cert-portal.siemens.com/productcert/txt/ssa-265688.txt