Advisory

Siemens SINEMA reports multiple vulnerabilities, two critical

Take action: If you are using SINEMA Remote Connect Client, make sure it is running on systems isolated from the internet and accessible only from trusted networks. Then apply the relevant patches.


Siemens has addressed multiple security vulnerabilities affecting their SINEMA Remote Connect Client product. These vulnerabilities potentially impact multiple critical infrastructure sectors worldwide.

Vulnerabilities summary

  • CVE-2024-1305 (CVSS score 9.3): Integer Overflow or Wraparound - The tap-windows6 driver version 9.26 and earlier doesn't properly check incoming write operation sizes, potentially allowing arbitrary code execution in kernel space.
  • CVE-2024-27903 (CVSS score 9.3): Unrestricted Upload of File with Dangerous Type - OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, enabling arbitrary plug-in loading.
  • CVE-2024-24974 (CVSS score 8.7): Improper Communication Channel Restriction - The interactive service in OpenVPN 2.6.9 and earlier allows remote access to the OpenVPN service pipe, enabling interaction with the privileged service.
  • CVE-2024-27459 (CVSS score 8.5): Stack-Based Buffer Overflow - The interactive service in OpenVPN 2.6.9 and earlier is vulnerable to stack overflow attacks, potentially allowing code execution with elevated privileges.
  • CVE-2024-28882 (CVSS score 7.1): Missing Release of Resource - OpenVPN from 2.6.0 through 2.6.10 in server mode accepts multiple exit notifications from authenticated clients, extending the validity of a closing session.
  • CVE-2024-4877 (CVSS score 6.9): Unprotected Alternate Channel - Attackers with SeImpersonatePrivilege could create a named pipe server to impersonate users running the UI.

The following Siemens products are affected:

  • SINEMA Remote Connect Client: All versions below V3.2 SP3

Siemens has released updated versions of the affected software. Users are encouraged to update to SINEMA Remote Connect Client V3.2 SP3 or later. As general security measures, Siemens recommends:

  • Protecting network access to devices with appropriate mechanisms
  • Operating devices in a protected IT environment configured according to Siemens' operational guidelines for industrial security
  • Following recommendations in the product manuals

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
