More than a dozen flaws found in Siemens industrial network management system


Cybersecurity researchers have released details about 15 security flaws in the Siemens SINEC network management system (NMS), some of which could be chained by an attacker to cause remote code execution on affected systems.

“If exploited, the vulnerabilities pose a number of risks to Siemens devices on the network, including denial-of-service attacks, credential leaks and remote code execution under certain circumstances,” industrial security firm Claroty said in a new report.

The deficiencies in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of updates shipped on October 12, 2021.

“The most serious could allow a verified remote attacker to execute arbitrary code on the system under certain conditions, with system privileges,” Siemens noted at the time in an advisory.

Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows escalation of privileges to an administrator account and can be combined with CVE-2021-33722 (CVSS score: 7.2), a path traversal flaw, to execute arbitrary code remotely.
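Path traversal, the flaw class behind CVE-2021-33722, is defeated by resolving a user-supplied file name against a fixed base directory and rejecting anything that lands outside it. The following is an added example written for this article, not SINEC or Claroty code; the base directory and file names are constructed for the demonstration, and it also shows why a bare string-prefix comparison is not enough.

```python
"""Added example: safe path resolution that refuses traversal out of a base directory.
Not Siemens or Claroty code; directory and file names below are constructed."""
import os
from typing import Optional


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Return the absolute path for user_path inside base_dir, or None if the
    request would escape base_dir via '..' components or an absolute path."""
    base = os.path.realpath(base_dir)
    # Join, then normalise: realpath collapses '..' and resolves any symlinks
    # that exist, so the comparison below is made on the final location.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # Accept the base itself or a path strictly beneath it. The separator is
    # part of the prefix so that '/srv/x/reports2' cannot pass as '/srv/x/reports'.
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def naive_prefix_check(base_dir: str, user_path: str) -> Optional[str]:
    """The common mistake for comparison: a prefix test without the separator.
    A sibling directory whose name merely starts with the base name is accepted."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    return candidate if candidate.startswith(base) else None


if __name__ == "__main__":
    base = "/srv/sinec/reports"          # constructed base directory
    for request in ("daily.csv", "sub/../daily.csv", "../../../etc/passwd",
                    "/etc/passwd", "../reports2/secret.csv"):
        print(f"{request!r:28} -> {resolve_under_base(base, request)}")
```

On the inputs above only `daily.csv` and `sub/../daily.csv` resolve, both to `/srv/sinec/reports/daily.csv`; the two traversal attempts, the absolute path and the sibling-directory trick are all refused, while `naive_prefix_check` wrongly accepts `../reports2/secret.csv`.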

Another notable flaw is a SQL injection (CVE-2021-33729, CVSS score: 8.8) that could be exploited by an authenticated attacker to execute arbitrary commands against the local database.
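The defect class in CVE-2021-33729 comes from building SQL text out of user input. The example below is added for this article and is not SINEC's code; it uses an in-memory SQLite table with constructed rows to show the same lookup written with string formatting, where an authenticated user's input rewrites the query, and with bound parameters, where the input can only ever be matched as a value.

```python
"""Added example: the same device lookup, injectable and parameterised.
Not SINEC code; the schema, rows and inputs are constructed for the demo."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Build a small in-memory inventory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, ip TEXT, role TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?)", [
        ("plc-01", "10.0.0.11", "operator"),
        ("plc-02", "10.0.0.12", "operator"),
        ("nms-admin", "10.0.0.1", "admin"),
    ])
    return conn


def find_device_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """The user-controlled name is pasted into the SQL text, so quote characters
    and comment markers in it change the query's meaning (do not do this)."""
    sql = f"SELECT name, ip, role FROM devices WHERE name = '{name}' AND role = 'operator'"
    return conn.execute(sql).fetchall()


def find_device_safe(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """The value is bound separately from the query text; the role filter can
    no longer be commented out, whatever the name contains."""
    sql = "SELECT name, ip, role FROM devices WHERE name = ? AND role = 'operator'"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    benign = "plc-01"
    # Constructed malicious input: closes the string, adds its own condition and
    # comments out the rest of the WHERE clause.
    hostile = "x' OR role = 'admin' --"
    print("vulnerable, benign :", find_device_vulnerable(db, benign))
    print("vulnerable, hostile:", find_device_vulnerable(db, hostile))
    print("safe, hostile      :", find_device_safe(db, hostile))
```

With the hostile input the formatted query returns the admin row that the `role = 'operator'` filter was meant to hide, while the parameterised query returns nothing because no device is literally named `x' OR role = 'admin' --`.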

“SINEC has a powerful central position within the network topology as it requires access to the credentials, cryptographic keys and other secrets that grant it administrator access to manage devices on the network,” said Claroty’s Noam Moshe.

“From the perspective of an attacker conducting a living-off-the-land attack that misuses legitimate credentials and network tools to perform malicious activity, access, and control, SINEC places an attacker in a prime position for reconnaissance, lateral movement and escalation of privileges.”