Siemens this week released nine new security advisories describing vulnerabilities affecting the company’s products.
The biggest advisory covers 21 security holes affecting JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format), and Teamcenter Visualization, which provides organizations visualization solutions for documents, 2D drawings, and 3D models. These products are made by Siemens Digital Industries Software, which specializes in product lifecycle management (PLM) solutions.
All of these vulnerabilities are related to how certain types of files are parsed by these products. An attacker can exploit them for arbitrary code execution, data extraction, and DoS attacks if they can trick the targeted user into opening a malicious file. Many of the issues affect the Siemens products due to their use of the Open Design Alliance (ODA) Drawings SDK. The ODA has published its own advisory for the flaws.
Last month, Siemens informed customers about 18 similar file parsing vulnerabilities in JT2Go and Teamcenter Visualization.
Will Dormann from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University informed Siemens about a serious privilege escalation issue affecting the Totally Integrated Administrator (TIA) portal. An advisory for this vulnerability has also been published on the CERT/CC website.
A high-severity privilege escalation vulnerability was also discovered in DIGSI 4, the operation and configuration software for SIPROTEC 4 and SIPROTEC Compact protection devices.
The German industrial giant also informed customers about a high-severity “Zip-Slip” vulnerability affecting SINEC and SINEMA network management products. The flaw allows an authenticated attacker to upload files or modify existing ones and possibly achieve arbitrary code execution.
Customers were also informed about six medium- and high-severity DoS issues affecting RUGGEDCOM products. The flaws are related to IPsec and they impact the Network Security Services (NSS) and Libreswan components.
Siemens also issued an advisory for CVE-2020-28388, one of the nine TCP/IP stack vulnerabilities disclosed this week by cybersecurity firm Forescout. The flaws, tracked collectively as NUMBER:JACK, allow attackers to hijack or spoof TCP connections.
Patches from Schneider Electric
Schneider Electric only released one new advisory this Patch Tuesday to inform customers about the existence of three vulnerabilities affecting some of its PowerLogic power metering products.
Two of the vulnerabilities rated high severity, can allow a man-in-the-middle attacker to obtain credentials when intercepting Telnet and HTTP traffic between a user and a device. The third issue is a medium-severity CSRF bug that can be exploited to perform actions on behalf of a legitimate user.
The company has started releasing firmware updates for the impacted products.