As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-Party Components in SINEC OS
- Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read, Incorrect Check of Function Return Value, Incorrect Comparison, Improper Control of Resource Identifiers (‘Resource Injection’), Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’), NULL Pointer Dereference, Excessive Platform Resource Consumption within a Loop, Allocation of Resources Without Limits or Throttling, Improper Restriction of Operations within the Bounds of a Memory Buffer, Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Improper Resource Shutdown or Release, Transmission of Private Resources into a New Sphere (‘Resource Leak’), Return of Wrong Status Code, Integer Overflow or Wraparound, Double Free, Buffer Access with Incorrect Length Value, Use of Uninitialized Variable, Missing Release of Memory after Effective Lifetime, Improper Locking, Improper Handling of Values, Use of Uninitialized Resource, Uncontrolled Resource Consumption, Improper Resource Locking, Buffer Underwrite (‘Buffer Underflow’), Out-of-bounds Write, Expired Pointer Dereference, Improper Control of a Resource Through its Lifetime, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Incomplete Cleanup, Access of Resource Using Incompatible Type (‘Type Confusion’), Divide By Zero, Improper Validation of Array Index, Access of Uninitialized Pointer, Operation on a Resource after Expiration or Release, Sensitive Information in Resource Not Removed Before Reuse, Improper Handling of Exceptional Conditions, Deadlock, Improper Initialization, Detection of Error Condition Wi
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.