Siemens Security Snafu: Patch Now to Prevent Potential Chaos in Your NMS!

Siemens SINEC NMS users, it’s time to update or risk a cyber headache! CISA waves goodbye to updates, leaving you to fend off vulnerabilities with a snazzy V2.0 SP2 patch. Don’t dawdle—secure your systems before hackers RSVP to this vulnerability party.

Hot Take:

Here we go again, folks! Another day, another set of vulnerabilities – this time in Siemens’ SINEC NMS. It’s like a never-ending game of whack-a-mole, but instead of moles, it’s bugs, and instead of a carnival, it’s critical infrastructure. Thanks, Siemens, for keeping our cybersecurity reflexes sharp!

Key Points:

  • Exploitable remotely? Check. Low attack complexity? Double-check. Siemens’ SINEC NMS has vulnerabilities with a CVSS v4 score of 7.2.
  • Attackers could potentially have a field day with the confidentiality, integrity, and availability of the affected systems.
  • Affected products include all versions of SINEC NMS prior to V2.0 SP2. It’s update time, folks!
  • Siemens has thrown in the mitigation towel by recommending an update to V2.0 SP2 or later. Also, protect your network like it’s a newborn kitten.
  • CISA chimes in with advice: minimize network exposure, isolate and firewall your control systems, and maybe don’t click on that sketchy email link, Karen.

Title: Excessive time spent checking DH q parameter value
Cve id: CVE-2023-3817
Cve state: PUBLISHED
Cve assigner short name: openssl
Cve date updated: 07/31/2023
Cve description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Cve id: CVE-2024-31978
Cve state: PUBLISHED
Cve assigner short name: siemens
Cve date updated: 04/09/2024
Cve description: A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.

Title: Excessive time spent in DH check / generation with large Q parameter value
Cve id: CVE-2023-5678
Cve state: PUBLISHED
Cve assigner short name: openssl
Cve date updated: 11/07/2023
Cve description: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Need to know more?

DH Key Extravaganza

Imagine a lock so complex, it takes an eternity to open. Now imagine a digital version of that lock, but instead of keeping your secrets safe, it grinds your system to a halt. That's what we've got with the DH key issues in the OpenSSL vulnerabilities. It's like having a bouncer that's so thorough, no one gets into the club—ever. If you're into slow-motion denial-of-service attacks, this is your jam!
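The ordering the two OpenSSL CVE descriptions above turn on, as an added example (not OpenSSL's code and not from the original page): cheap bounds on p and q run before any primality test or exponentiation touches untrusted Diffie-Hellman parameters. The function names and the 10,000-bit limit are assumptions made for this illustration.

```python
import random

MAX_MODULUS_BITS = 10_000  # assumed policy limit chosen for this example

def precheck_dh_params(p, g, q=None, max_bits=MAX_MODULUS_BITS):
    """Cheap bounds checks; returns a rejection reason or None."""
    if p.bit_length() > max_bits:
        return "modulus p too large"
    if p < 5 or p % 2 == 0:
        return "modulus p must be an odd integer >= 5"
    if not 1 < g < p - 1:
        return "generator g out of range"
    if q is not None and not 1 < q < p:  # a valid q divides p - 1
        return "q out of range"
    return None

def is_probable_prime(n, rounds=16):
    """Miller-Rabin: every round is a modular exponentiation (the slow part)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_params(p, g, q=None):
    reason = precheck_dh_params(p, g, q)
    if reason:
        return reason  # rejected before any exponentiation happens
    if not is_probable_prime(p):
        return "p is not prime"
    if q is not None and ((p - 1) % q or not is_probable_prime(q)):
        return "q is not a prime divisor of p - 1"
    if q is not None and pow(g, q, p) != 1:
        return "g is not in the order-q subgroup"
    return "ok"
```

The toy group p = 23, q = 11, g = 2 passes every stage, while an oversized p or a q larger than p is turned away by integer comparisons alone.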

Worldwide Woes

These vulnerabilities aren't just chilling in a corner; they've got a passport and are traveling—worldwide! With Siemens' gear spread far and wide, it's like a bug buffet, and everyone's invited. So, if you're part of the critical manufacturing sector, it's time to roll up your sleeves and get patching.

Who Ya Gonna Call? Mitigators!

Alright, if you're using Siemens' SINEC NMS, don't panic—but maybe hurry a little. The magic fix is to update to V2.0 SP2 or later. And while you're at it, give your network the fortress treatment. Siemens suggests treating your network access like a VIP list at an exclusive party—no name, no entry.

It's Not Paranoid if They're Really After You

CISA's stepping in as the cybersecurity Dr. Phil, offering advice on how to not get digitally bamboozled. Keep your systems behind a firewall and use VPNs like they're going out of style (just make sure they're up-to-date). And remember, if something looks phishy, it probably is. Don't take the bait!

No Free Hacks Today

For now, it seems like these vulnerabilities are like an unopened can of worms—no one's officially reported exploitation yet. But in the cyber world, today's "no known exploits" can turn into tomorrow's "Oops, we've been hacked." So, let's stay vigilant and keep our digital doors locked, shall we?
