Siemens SINEMA Remote Connect (ICSA-19-099-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on incorrect calculation of buffer size, out-of-bounds read, stack-based buffer overflow, and improper handling of insufficient permissions vulnerabilities in Siemens SINEMA Remote Connect. For SINEMA Remote Connect Client, all versions prior to v2.0 HF1 are affected. For SINEMA Remote Connect Server, all versions prior to 2.0 are affected. Successful exploitation of these vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions. Siemens has updates for the affected products and also recommends users apply specific workarounds and mitigations to reduce risk. The NCCIC has also provided a series of measures for mitigating the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.