More than a dozen flaws discovered in Siemens industrial network management system

Cybersecurity researchers have revealed details of 15 security flaws in the Siemens SINEC network management system (NMS), some of which could be chained together by an attacker to achieve remote code execution on affected systems.
“The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network, including denial of service attacks, credential leaks, and remote code execution under certain circumstances,” said industrial security firm Claroty in a new report.

The shortcomings in question – tracked as CVE-2021-33722 through CVE-2021-33736 – were fixed by Siemens in version V1.0 SP2 Update 1 as part of updates shipped on October 12, 2021.
“The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions,” Siemens noted in an advisory at the time.

The most serious weakness is CVE-2021-33723 (CVSS score: 8.8), which allows privilege escalation to an administrator account and could be combined with CVE-2021-33722 (CVSS score: 7.2), a path traversal flaw, to execute arbitrary code remotely.
Another notable flaw is a SQL injection (CVE-2021-33729, CVSS score: 8.8) that could be exploited by an authenticated attacker to execute arbitrary commands against the local database.

“SINEC occupies a powerful central position within the network topology as it requires access to credentials, cryptographic keys and other secrets granting it administrator access in order to manage network devices,” said Noam Moshe of Claroty.
“From the perspective of an attacker performing a living-off-the-land-type attack where legitimate credentials and network tools are abused to conduct malicious activity, access and control, SINEC places an attacker in a prime position for reconnaissance, lateral movement and privilege escalation.”