Siemens has released a security advisory concerning vulnerabilities in the SINEMA Remote Connect Server, which allows for remote access to industrial control systems. These vulnerabilities, identified as command injection flaws, can be exploited remotely with low attack complexity. The flaws stem from improper neutralization of special elements in command inputs, which could enable an attacker to execute arbitrary code with root privileges. Siemens recommends users update to version V3.2 HF1 or later to mitigate the risks.
The vulnerabilities affect all versions of the SINEMA Remote Connect Server, specifically when handling VxLAN and SNMP configurations. Attackers with proper access can exploit these weaknesses, leading to a complete compromise of the system, allowing them to take control of the server and execute unauthorized commands. CVE-2024-39570 and CVE-2024-39571 have been assigned to these issues, with a CVSS v4 score of 8.7, indicating a high level of severity.
Siemens emphasizes the importance of securing network access to the affected devices and recommends applying best practices for operating in a protected IT environment. These include restricting remote access, using secure methods such as VPNs, and ensuring firewalls isolate critical systems from business networks. Siemens also encourages users to follow the security guidelines outlined in their product manuals for further protection.
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has echoed these recommendations and advises organizations to take proactive defensive measures. By implementing Siemens’ security updates and reducing network exposure, users can significantly reduce the risk of exploitation. No known public exploits for these vulnerabilities have been reported at this time.
