Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities

critical Nessus Plugin ID 191429

Synopsis

Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory.

- coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka Content-Type confusion between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
(CVE-2023-38199)

- Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*) http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. (CVE-2023-25690)

- The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Siemens SINEC NMS Server version 2 Service Pack 1 or later.

See Also

http://www.nessus.org/u?f6bd043b

https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15

Plugin Details

Severity: Critical

ID: 191429

File Name: siemens_sinec_nms_2_sp1.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 2/29/2024

Updated: 3/1/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-38545

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:siemens:sinec_nms

Required KB Items: installed_sw/SINEC NMS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/3/2024

Vulnerability Publication Date: 2/13/2024

Reference Information

CVE: CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-1255, CVE-2023-2454, CVE-2023-2455, CVE-2023-25690, CVE-2023-2650, CVE-2023-27522, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-28709, CVE-2023-2975, CVE-2023-30581, CVE-2023-30582, CVE-2023-30583, CVE-2023-30584, CVE-2023-30585, CVE-2023-30586, CVE-2023-30587, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32002, CVE-2023-32003, CVE-2023-32004, CVE-2023-32005, CVE-2023-32006, CVE-2023-32067, CVE-2023-32558, CVE-2023-32559, CVE-2023-34035, CVE-2023-3446, CVE-2023-35945, CVE-2023-38039, CVE-2023-3817, CVE-2023-38199, CVE-2023-38545, CVE-2023-38546, CVE-2023-39417, CVE-2023-39418, CVE-2023-41080, CVE-2023-46120, CVE-2024-23810, CVE-2024-23811, CVE-2024-23812

ICSA: 24-046-15