As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Incorrect Authorization
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to affect confidentiality, integrity, and availability of affected devices
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products of Siemens, are affected:
- SINEC NMS: versions prior to V3.0
3.2 Vulnerability Overview
3.2.1 USE AFTER FREE CWE-416
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.