Operating System:

[Win]

Published:

22 April 2014

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0055
 A number of vulnerabilities have been identified in Siemens SINEMA Server
                               22 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Siemens SINEMA Server
Operating System:     Windows XP
                      Windows 7
                      Windows Server 2003
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Unauthorised Access             -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-2733 CVE-2014-2732 CVE-2014-2731
Member content until: Thursday, May 22 2014

OVERVIEW

        A number of vulnerabilities have been identified in Siemens SINEMA
        Server prior to V12 SP1. [1]


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "Vulnerability 1 (CVE-2014-2731) The integrated web server at port 
        4999/tcp and port 80/tcp could allow unauthenticated remote code 
        execution, if an attacker has network access to the server.
        
        CVSS Base Score 9.3
        CVSS Temporal Score 7.3
        CVSS Overall Score 7.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
        
        Vulnerability 2 (CVE-2014-2732) The integrated web server at port 
        4999/tcp and port 80/tcp could allow unauthenticated directory 
        traversal on the server based on the applications file system 
        permissions if an attacker has network access to the server.
        
        CVSS Base Score 5.0
        CVSS Temporal Score 3.9
        CVSS Overall Score 3.9 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
        
        Vulnerability 3 (CVE-2014-2733) An attacker could cause a Denial of
        Service of the SINEMA web interfaces at port 4999/tcp and port 
        80/tcp if specially crafted HTTP requests are sent to these ports. 
        To recover the web interfaces, the SINEMA server has to be restarted
        via the SINEMAserver-Monitor.
        
        CVSS Base Score 5.0
        CVSS Temporal Score 3.9
        CVSS Overall Score 3.9 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)" 
        [1]


MITIGATION

        The vendor recommends applying V12 SP1 to correct these 
        vulnerabilities. [1]


REFERENCES

        [1] SSA-364879: Vulnerabilities in SINEMA Server
            http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU1X7nBLndAQH1ShLAQJXgg/7BW67sRQttF3JRKBwWmtQhdD/0RBiTwQk
I4vU9/vQYviFXZ1ponvg3oOIM3qAz1iL7z9qk3KNqs5t42spzbOieCPpF42SGI6b
FycAXLSXgUr/UllfUXkNQ53932vrkMwRgQEzrhyLiLdCri1v8HLrBcsv8No4s9U4
H9IadD9BAWcTvI9IImTsI1fqrYCinOEtGVHY+7RmpUaTwai6cwp4L2xZvOl5CsXL
qgeeQ00YsVzduo74QCCrdFzhyPljxKesxNiprdzBXVC833DIa7q69/G0jbnINSQE
a2GrkD+y2tNYDwORJgwn5bhPebP2wUL0ofFs+C3R/7aML4473gwz+CMvgs98lA2G
oH4YYxqRpF5fv3QxSUjqkk/+BuS3nSnwwuGjMn8LbVJ98CiyzP8XYOXRhhmtUUtg
kbRNGXQf8/H2TIJzUVx036hWuEbwwgt0Y2u5bjFs0wt0L/+SDSGIBTETmaVZ3CAS
awiZ1lmVyFEi0NC8jj67mbhBa7bxVD9iBld1/bfPpvKPZrMw3X6BWUuAEXPRlJqN
2rGeHddCYmsevagsy7JHhtJY3WEiuoqk0LOTzrOLlb3O1DfS9EYobCIWb1mWDa11
1BYATli5Uz7QYx+Iad32H6QGm2rTGt71dIUqZ1LLnehdob4c2Q5Q2bpmYMtfTbdT
0lCC8N2YVTs=
=mAVn
-----END PGP SIGNATURE-----