CVE-2023-32736: Input Validation Vulnerability in Siemens TIA Portal and Related Products Allows Remote Code Execution

Description Preview

A critical vulnerability (CVE-2023-32736) affects multiple Siemens automation software products including SIMATIC S7-PLCSIM, STEP 7, WinCC, SIMOCODE ES, SIMOTION SCOUT TIA, SINAMICS Startdrive, SIRIUS Safety ES, and TIA Portal Cloud across various versions. The vulnerability stems from improper sanitization of user-controllable input when parsing user settings, which can lead to type confusion and potentially allow attackers to execute arbitrary code within the affected applications.

Overview

This vulnerability affects a wide range of Siemens industrial automation software products that are commonly used in manufacturing environments and critical infrastructure. The core issue is an input validation flaw where user-controllable data is not properly sanitized when the applications parse user settings. An attacker could exploit this vulnerability by providing specially crafted input that triggers a type confusion condition, ultimately allowing for arbitrary code execution within the context of the vulnerable application. This could potentially give attackers control over industrial systems, enabling them to disrupt operations or compromise the integrity of industrial processes. The vulnerability affects multiple versions of Siemens' automation software portfolio, with newer versions being vulnerable prior to specific updates.

Remediation

Users should update to the following patched versions as applicable:

  • SIMATIC STEP 7 Safety V17: Update to V17 Update 8 or later
  • SIMATIC STEP 7 Safety V18: Update to V18 Update 5 or later
  • SIMATIC STEP 7 V17: Update to V17 Update 8 or later
  • SIMATIC STEP 7 V18: Update to V18 Update 5 or later
  • SIMATIC WinCC Unified V17: Update to V17 Update 8 or later
  • SIMATIC WinCC Unified V18: Update to V18 SP5 or later
  • SIMATIC WinCC V17: Update to V17 Update 8 or later
  • SIMATIC WinCC V18: Update to V18 SP5 or later
  • SIMOCODE ES V17: Update to V17 Update 8 or later
  • SIRIUS Safety ES V17: Update to V17 Update 8 or later
  • SIRIUS Soft Starter ES V17: Update to V17 Update 8 or later
  • TIA Portal Cloud V17: Update to V4.6.0.1 or later
  • TIA Portal Cloud V18: Update to V4.6.1.0 or later
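
As an added example (not part of the original advisory or any Siemens tooling), the Python sketch below triages an engineering-workstation inventory against the fixed levels listed above. The inventory rows, host names and version-string formats are constructed assumptions, and "Update" and "SP" are assumed to be the same counter because the list above uses both labels.

```python
import re

# Fixed levels copied from the list above: int = Update/SP number,
# tuple = dotted TIA Portal Cloud version.
FIXED = {
    ("SIMATIC STEP 7 Safety", 17): 8, ("SIMATIC STEP 7 Safety", 18): 5,
    ("SIMATIC STEP 7", 17): 8, ("SIMATIC STEP 7", 18): 5,
    ("SIMATIC WinCC Unified", 17): 8, ("SIMATIC WinCC Unified", 18): 5,
    ("SIMATIC WinCC", 17): 8, ("SIMATIC WinCC", 18): 5,
    ("SIMOCODE ES", 17): 8, ("SIRIUS Safety ES", 17): 8,
    ("SIRIUS Soft Starter ES", 17): 8,
    ("TIA Portal Cloud", 17): (4, 6, 0, 1), ("TIA Portal Cloud", 18): (4, 6, 1, 0),
}

# Constructed sample inventory: (host, product, release, installed level).
INVENTORY = [
    ("ews-01", "SIMATIC STEP 7", 17, "Update 6"),
    ("ews-01", "SIMATIC WinCC", 18, "SP5"),
    ("ews-02", "TIA Portal Cloud", 18, "V4.6.0.1"),
    ("ews-03", "SIMATIC S7-PLCSIM", 18, "Update 2"),
    ("ews-04", "SIMOCODE ES", 17, ""),
    ("ews-05", "SIRIUS Safety ES", 17, "build 1234"),
]

def parse_level(text):
    """'Update 6' / 'SP5' -> int, 'V4.6.0.1' -> tuple, '' -> 0 (base release)."""
    text = text.strip()
    if not text:
        return 0
    m = re.fullmatch(r"(?:Update|SP)\s*(\d+)", text, re.IGNORECASE)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r"V(\d+(?:\.\d+)+)", text, re.IGNORECASE)
    if m:
        return tuple(int(p) for p in m.group(1).split("."))
    raise ValueError(f"unrecognised version string: {text!r}")

def status(product, release, installed):
    fix = FIXED.get((product, release))
    if fix is None:
        return "no fix listed"  # fall back to the mitigations
    try:
        level = parse_level(installed)
    except ValueError:
        return "unparsed"  # needs manual review, never assume patched
    if type(level) is not type(fix):
        return "unparsed"  # e.g. an Update number where a dotted version is expected
    return "patched" if level >= fix else "vulnerable"

def triage(rows):
    return [(h, p, f"V{r}", status(p, r, inst)) for h, p, r, inst in rows]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```

Rows reported as "no fix listed" or "unparsed" should be checked by hand against the Siemens advisory rather than treated as safe.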

For products without available updates, consider implementing the following mitigations:

  • Restrict access to the affected software to trusted users only
  • Use the principle of least privilege when configuring user accounts
  • Implement network segmentation to isolate engineering workstations
  • Be cautious when opening project files from untrusted sources
  • Monitor systems for suspicious activities

References

  1. Siemens Security Advisory: https://cert-portal.siemens.com/productcert/html/ssa-871035.html
  2. MITRE CVE Entry: CVE-2023-32736
  3. Siemens ProductCERT Portal: https://cert-portal.siemens.com/

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
