Critical vulnerabilities enable code execution in Siemens products; update now

A Siemens security report revealed that some of its Digital Industries Software solutions for product development have more than 20 vulnerabilities that could be exploited for arbitrary code execution by sending malicious files. These flaws were reported through the Zero Day Initiative (ZDI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).


The notice mentions that the affected solutions are Siemens JT2Go, a tool for 3D visualization, and Teamcenter Visualization, for viewing documents, 2D designs, and 3D models. In a second notice, the company revealed six vulnerabilities in Siemens Solid Edge, a suite of 3D design and visualization software tools.

The vast majority of these reports refer to high-severity flaws that can lead to arbitrary code execution in the vulnerable solution's processes. According to CISA, these vulnerabilities stem from incorrect validation of user input when parsing particular file formats; to complete an attack, threat actors must trick the target user into opening a specially crafted file. The affected parsers handle formats such as JT, CG4, CGM, PDF, RGB, TGA, PAR, ASM, PCX, SGI and DFT.

After receiving the report, Siemens began working on the necessary fixes and published workarounds for those flaws that have not yet been corrected. Finally, Siemens issued a separate notice describing a couple of vulnerabilities in SCALANCE X. These security flaws, considered critical, could enable Man-in-the-Middle (MitM) attacks and denial-of-service (DoS) conditions.

Similar flaws at Schneider Electric

CISA also referred to the finding of at least three vulnerabilities in Schneider Electric products, including a flaw in its Sepam ACE850 communication interface and flaws in the Operator Terminal Expert and Pro-face BLUE solutions. According to the Agency, these flaws would allow arbitrary code to run on vulnerable systems when processing specially crafted SSD files.