On July 11, 2024, Siemens released an advisory concerning vulnerabilities in the SINEMA Remote Connect Server. The identified vulnerabilities involve command injection issues that could allow an authenticated local attacker to execute arbitrary code with system privileges. The vulnerabilities affect versions of SINEMA Remote Connect Client prior to V3.2 HF1, making it essential for users to update to the latest version to mitigate risks.
The vulnerabilities stem from improper neutralization of special elements used in commands, as described in CWE-77. This flaw permits unauthorized code execution due to insufficient input sanitation when handling VPN and proxy configurations. Three specific vulnerabilities were reported, each assigned CVEs and CVSS scores reflecting their severity. For instance, CVE-2024-39567 and CVE-2024-39568 have CVSS v4 scores of 8.5, while CVE-2024-39569 has a score of 7.5.
Siemens has responded by releasing updates to address these issues, advising users to upgrade to SINEMA Remote Connect Client version V3.2 HF1 or later. The company also underscores the importance of securing network access and adhering to its operational guidelines for industrial security. Detailed information and mitigation strategies are available on Siemens’ industrial security webpage.
The Cybersecurity and Infrastructure Security Agency (CISA) also provides recommendations for minimizing the risk of exploitation. CISA urges organizations to conduct thorough impact analyses and implement defensive measures as outlined in their security advisories. While no public exploitation of these vulnerabilities has been reported, CISA advises vigilance and prompt action to protect critical infrastructure sectors affected by these vulnerabilities.