Siemens reports vulnerabilities in SINEMA Remote Connect Client, including critical

Siemens has identified multiple security vulnerabilities in its SINEMA Remote Connect Client, which could potentially allow attackers to bypass multi-factor authentication or compromise user configuration data. These vulnerabilities affect all versions of the SINEMA Remote Connect Client prior to V3.2 SP2.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-10

Key Vulnerabilities:

1. CVE-2023-46850 (CVSS score 9.8) - Use After Free - This vulnerability in OpenVPN versions 2.6.0 to 2.6.6 can lead to memory leaks or remote code execution.

2. CVE-2024-2004 (CVSS score 5.3) - Improper Input Validation - A flaw in protocol selection allows unintended plaintext protocol use.

3. CVE-2024-2379 (CVSS score 4.3) - Improper Certificate Validation - In specific conditions, libcurl skips certificate verification for QUIC connections.

4. CVE-2024-2398 (CVSS score 7.5) - Missing Release of Resource After Effective Lifetime - Memory leak due to incomplete release of HTTP/2 server push resources in libcurl.

5. CVE-2024-2466 (CVSS score 7.1) - Improper Validation of Certificate with Host Mismatch - libcurl does not validate certificates for TLS connections made to hosts specified as IP addresses.

6. CVE-2024-32006 (CVSS score 5.3) - Insufficient Session Expiration - Sessions do not expire on reboot without logout, allowing MFA bypass.

7. CVE-2024-42344 (CVSS score 4.8) - Insertion of Sensitive Information into Log File - Sensitive data is logged in files accessible to authenticated users.

Exploitation of these vulnerabilities could allow attackers to bypass security measures like multi-factor authentication or gain unauthorized access to sensitive data, potentially compromising the confidentiality and integrity of the system.

Siemens recommends updating the SINEMA Remote Connect Client to V3.2 SP2 or a later version. For vulnerabilities like CVE-2024-32006, it is suggested to use a login with a Smartcard/User certificate instead of TOTP-based two-factor authentication.