Siemens’ Industrial Network Management System has more than a dozen flaws. Researchers discovered 15 security issues in the Siemens SINEC network management system (NMS), some of which could be exploited by an attacker to achieve remote code execution on affected systems.
In new research, industrial security firm Claroty stated that “the vulnerabilities, if exploited, offer a number of threats to Siemens devices on the network, including denial-of-service attacks, credential leaks, and remote code execution in some circumstances.”
Siemens resolved the flaws in question, which were tracked from CVE-2021-33722 to CVE-2021-33736, in version V1.0 SP2 Update 1 as part of updates released on October 12, 2021.
“Under some scenarios, the most severe might allow an authenticated remote attacker to execute arbitrary code on the system with system rights,” Siemens warned at the time.
CVE-2021-33723 (CVSS score: 8.8) is the most serious problem, as it enables privilege escalation to an administrator account and can be chained with CVE-2021-33722 (CVSS score: 7.2), a path traversal flaw, to remotely execute arbitrary code.
Another major problem is a SQL injection vulnerability (CVE-2021-33729, CVSS score: 8.8) that could allow an authenticated attacker to execute arbitrary commands against the local database.
“SINEC occupies a powerful central position inside the network topology since it requires access to the credentials, cryptographic keys, and other secrets providing it administrator access in order to administer network devices,” according to Claroty’s Noam Moshe.
“From an attacker’s standpoint, access to and control of SINEC puts an attacker in perfect position for reconnaissance, lateral movement, and privilege escalation in a living-off-the-land type of attack where legitimate credentials and network tools are misused to carry out malicious activity.”