Siemens Security Advisory by Siemens ProductCERT – 9th Nov 2021

Preface: Directory traversal (path traversal) occurs when an attacker is able to read files on the web server that lie outside the website's directory. It is only possible when the website developer makes a mistake.

Background: SIMATIC PCS 7 Web can be used to operate and monitor a plant via Intranet or Internet. Extensive configuration options enable individualized and secure online access to the operator control and monitoring level of the production plant. This enables remote control room concepts to be realized. The new version expands the integration of mobile devices for plant monitoring even further.

Vulnerability details:

CVE-2021-40364
The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system.

CVE-2021-40359
When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.

CVE-2021-40358
Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.
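
The pathname weakness described for CVE-2021-40359 and CVE-2021-40358, as an added example (not Siemens code and not taken from the advisory): a join with no containment check beside a check that resolves the pathname before comparing it with the restricted directory. The function names, directory layout and file names are constructed for illustration.

```python
import os
import tempfile

def naive_resolve(base_dir, requested):
    """Weak pattern: joins the client-supplied name with no containment check."""
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir, requested):
    """Return the resolved path under base_dir, or raise PermissionError."""
    if "\x00" in requested:
        raise PermissionError("NUL byte in pathname")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks before comparing.
    target = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath avoids the prefix pitfall (/srv/dl_private vs /srv/dl).
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"pathname escapes base directory: {requested!r}")
    return target

def is_allowed(base_dir, requested):
    try:
        safe_resolve(base_dir, requested)
        return True
    except PermissionError:
        return False

def demo():
    """Check constructed request names against a constructed directory layout."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "downloads")
        os.makedirs(os.path.join(base, "reports"))
        os.makedirs(os.path.join(root, "downloads_private"))
        samples = [
            "reports/shift.csv",                  # plain relative name
            "reports/../reports/shift.csv",       # '..' that stays inside
            "../downloads_private/keys.txt",      # sibling sharing the prefix
            "../../outside.txt",                  # climbs above the base
            os.path.join(root, "downloads_private", "keys.txt"),  # absolute
        ]
        return {name: is_allowed(base, name) for name in samples}

if __name__ == "__main__":
    for name, ok in demo().items():
        print("allow" if ok else "deny ", name)
```

The same check applies to read, write and delete operations alike: resolve first, compare against the restricted directory, and only then open the file.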

Official announcement: https://cve.report/CVE-2021-40364/e6b9d41.pdf
