Full Report
SIDIS Prime before V4.0.400 is affected by multiple vulnerabilities in its OPC UA and OpenSSL components, which could allow an unauthenticated attacker with access to the network where SIDIS Prime is installed to reuse OPC UA client credentials, create a denial of service condition of the SIDIS Prime OPC UA client, or create a denial of service condition of the SIDIS Prime TLS service. Siemens has released a new version of SIDIS Prime and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Siemens SIDIS Prime (OPC UA and OpenSSL)
## CVE Details
- **CVE IDs:**
  - CVE-2019-19135 (OPC UA .NET Standard)
  - CVE-2020-1967 (OpenSSL)
  - CVE-2020-1971 (OpenSSL)
  - CVE-2022-0778 (OpenSSL)
  - CVE-2022-29862 (OPC UA .NET Standard)
- **CVSS Score:**
  - CVSS v3.1: 7.5 (High)
  - CVSS v4.0: 9.1 (Critical)
- **CWE:** CWE-330 (Insufficient Randomness), CWE-476 (NULL Pointer Dereference), CWE-835 (Infinite Loop)
## Affected Systems
- **Products:** SIDIS Prime (Commissioning and test system for vehicle production)
- **Versions:** All versions prior to V4.0.400
- **Configurations:** Systems utilizing OPC UA client components and TLS services for communication.
## Vulnerability Description
SIDIS Prime is affected by several vulnerabilities inherited from third-party components (OPC UA .NET Standard and OpenSSL):
1. **Credential Reuse (CVE-2019-19135):** Insufficiently random values in the OPC UA .NET Standard codebase allow Man-in-the-Middle (MitM) attackers to capture and reuse encrypted user credentials.
2. **Denial of Service (OpenSSL):** Multiple flaws in OpenSSL (CVE-2020-1967, CVE-2020-1971, CVE-2022-0778) allow attackers to cause a crash or an infinite loop by sending specially crafted TLS extensions, X.509 GeneralName types, or certificates with invalid elliptic curve parameters.
3. **Denial of Service (OPC UA):** An infinite loop in the OPC UA .NET Standard stack (CVE-2022-29862) allows a remote attacker to hang the application via a crafted message.
## Exploitation
- **Status:** Public proof-of-concept code exists for several of the constituent CVEs (as is common for widely used OpenSSL and OPC UA libraries); no active exploitation specifically targeting SIDIS Prime has been reported.
- **Complexity:** Low to Medium (MitM for credential reuse requires higher complexity/positioning; DoS is generally low complexity).
- **Attack Vector:** Network (Remote unauthenticated access).
## Impact
- **Confidentiality:** High (Credential theft via MitM).
- **Integrity:** High (Potential unauthorized access via stolen credentials).
- **Availability:** High (System/Service crash or infinite loop leading to DoS).
## Remediation
### Patches
- **Update to SIDIS Prime V4.0.400** or later. This version includes updated components that address these CVEs.
### Workarounds
- **For CVE-2019-19135:** Explicitly enable encrypted communication between the SIDIS Prime OPC UA client and the associated OPC UA server(s).
- **General Mitigation:** Restrict network access to the devices to trusted segments only and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected crashes of the SIDIS Prime TLS service or OPC UA client; unusual network traffic originating from unauthorized MitM positions; application hangs/high CPU usage (indicating infinite loops).
- **Detection methods:** Use Network Intrusion Detection Systems (NIDS) to monitor for malformed TLS handshakes and anomalous OPC UA traffic.
## References
- Siemens Security Advisory SSA-108696: hxxps://cert-portal.siemens[.]com/productcert/html/ssa-108696.html
- Siemens Industrial Security Guidelines: hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security