Siemens reports vulnerabilities in SINEC Security Monitor, including two critical
Take action: If you are running SINEC Security Monitor, make sure it's isolated and only accessible from secure networks. Then patch it ASAP - it has some very serious flaws.
Siemens has disclosed several security vulnerabilities, two of them critical, affecting the SINEC Security Monitor, modular cybersecurity software used in critical infrastructure sectors. The vulnerabilities are exploitable remotely and have low attack complexity.
- CVE-2024-47553 (CVSS score 9.9) – Argument Injection - This flaw allows an authenticated, low-privileged remote attacker to execute arbitrary code with root privileges by exploiting improper neutralization of argument delimiters in the ssmctl-client command.
- CVE-2024-47562 (CVSS score 9.3) – Command Injection - This vulnerability permits a low-privileged local attacker to execute privileged commands in the underlying OS by exploiting improper neutralization of special elements in user input.
- CVE-2024-47563 (CVSS score 6.9) – Path Traversal - An unauthenticated remote attacker can create files in unauthorized directories, compromising the integrity of files by exploiting improper validation of file paths in CSR file creation.
- CVE-2024-47565 (CVSS score 5.3) – Permissive List of Allowed Inputs - This vulnerability allows an authenticated attacker to compromise the configuration integrity by sending inputs that bypass input validation mechanisms.
The flaws affect all SINEC Security Monitor versions prior to V4.9.0.
Successful exploitation of these vulnerabilities could allow attackers to:
- Execute arbitrary code with elevated privileges.
- Compromise the integrity of system configurations.
- Execute unauthorized privileged commands on the affected application.
Siemens has released version V4.9.0 of SINEC Security Monitor, which addresses these vulnerabilities. Users are advised to update to SINEC Security Monitor V4.9.0 or later to mitigate the risk of exploitation.