Full Report
Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. Siemens has released an update for Simcenter Amesim and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Remote Code Execution via Unauthenticated SOAP Endpoint in Simcenter Amesim
## CVE Details
- CVE ID: CVE-2023-43625
- CVSS Score: 9.8 (Critical)
- CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
## Affected Systems
- Products: Simcenter Amesim
- Versions: All versions prior to V2021.1
- Configurations: Applicable where the affected SOAP endpoint is accessible.
## Vulnerability Description
The affected application contains a vulnerable SOAP endpoint. An unauthenticated remote attacker can exploit this flaw to perform DLL injection against the system, leading to the attacker executing arbitrary code within the context of the affected Simcenter Amesim application process.
## Exploitation
- Status: PoC available (implied by the high severity and by the CVSS temporal vector, which states E:P, Proof-of-Concept)
- Complexity: Low (AV:N/AC:L/PR:N/UI:N)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: High (C:H)
- Integrity: High (I:H)
- Availability: High (A:H)
## Remediation
### Patches
- Update to Simcenter Amesim V2021.1 or later version.
### Workarounds
- Limit network access to ports 40002 through 41000, ensuring they are accessible only from `localhost`.
- Apply general security recommendations provided by Siemens, including protecting network access to devices.
## Detection
- Detection methods and tools were not explicitly listed in the summary. Focus should be placed on monitoring unusual network traffic directed at the SOAP endpoint ports (40002-41000) and unexpected process behavior associated with the Amesim application process.
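
The check below is an added example, not part of the Siemens advisory or of any Siemens tooling. It audits listener output for ports 40002 through 41000 that are bound to anything other than loopback, which is the condition the workaround is meant to eliminate. It assumes Windows `netstat -ano -p tcp` style columns; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

PORT_RANGE = range(40002, 41001)  # ports 40002 through 41000 named in the workaround

# Constructed sample resembling `netstat -ano -p tcp` output; not real capture data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:40002          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:40010        0.0.0.0:0              LISTENING       4312
  TCP    192.0.2.15:40500       0.0.0.0:0              LISTENING       5120
  TCP    [::1]:40003            [::]:0                 LISTENING       4312
  TCP    [::]:41000             [::]:0                 LISTENING       5120
  TCP    192.0.2.15:41001       0.0.0.0:0              LISTENING       5120
  TCP    192.0.2.15:40020       198.51.100.7:51522     ESTABLISHED     4312
"""

# Splits "host:port", accepting bracketed IPv6 ("[::1]:40003") and "*" wildcards.
ENDPOINT = re.compile(r"^\[?(?P<host>[0-9A-Fa-f:.*%]+)\]?:(?P<port>\d+)$")


def is_loopback(host):
    """True only for loopback addresses; wildcard binds (0.0.0.0, ::, *) are not."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: fail closed and treat it as exposed


def exposed_listeners(netstat_text):
    """Return (address, port, pid) for listeners in PORT_RANGE not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state carry the five columns we need.
        if len(fields) < 5 or fields[0].upper() != "TCP" or fields[3].upper() != "LISTENING":
            continue
        match = ENDPOINT.match(fields[1])
        if not match:
            continue
        host, port = match.group("host"), int(match.group("port"))
        if port in PORT_RANGE and not is_loopback(host):
            findings.append((host, port, int(fields[4])))
    return findings
```

An empty result means every listener in the range is loopback-only on that host; any finding gives the PID to map back to the owning process.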
## References
- Vendor Advisories: SSA-386812
- Relevant links:
  - https://cert-portal.siemens.com/productcert/html/ssa-386812.html
  - https://support.sw.siemens.com/
  - https://www.siemens.com/cert/operational-guidelines-industrial-security
  - https://www.siemens.com/industrialsecurity
  - https://www.siemens.com/cert/advisories