Full Report
Location Intelligence before V4.3 is affected by a Use of Hard-coded Credentials vulnerability that could allow an attacker to obtain full administrative access to the application. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Hard-coded Credentials in Siemens Location Intelligence
## CVE Details
- **CVE ID:** CVE-2024-23816
- **CVSS Score:**
  - CVSS v3.1: 9.8 (Critical)
  - CVSS v4.0: 9.3 (Critical)
- **CWE:** CWE-798: Use of Hard-coded Credentials
## Affected Systems
- **Products:** Siemens Location Intelligence (Perpetual and SUS variants)
- **Versions:** All versions prior to V4.3
- **Configurations:** All standard installations of the affected product versions are vulnerable as the flaw exists within the core computation logic for authentication.
## Vulnerability Description
Affected products utilize a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code (HMAC). Because this secret is static and embedded within the software, an attacker can use it to forge authentication tokens or bypass security checks. This flaw allows an unauthenticated user to elevate privileges and gain full administrative control over the web-based application.
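The key-handling weakness described above, next to its hardened form, as an added example that is not Siemens code. The token format, `EMBEDDED_KEY`, and all function names are assumptions made for illustration; the product's real token layout and secret are not on this page.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder, not the product's real secret: it stands in for
# any key compiled into every shipped copy of an application.
EMBEDDED_KEY = b"example-static-key"


def sign(claims: dict, key: bytes) -> str:
    """Return 'payload.tag' with tag = HMAC-SHA256(key, payload)."""
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return f"{payload.decode()}.{tag}"


def verify(token: str, key: bytes):
    """Return the claims if the tag is valid under key, otherwise None."""
    payload, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so a malformed tag cannot raise.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def new_install_key() -> bytes:
    """Hardened form: a random key created once per installation and kept
    in a secret store, never in the shipped binaries."""
    return secrets.token_bytes(32)


def compare_key_handling() -> dict:
    claims = {"role": "admin", "sub": "constructed-user"}
    site_a, site_b = new_install_key(), new_install_key()
    shared = sign(claims, EMBEDDED_KEY)  # minted with any copy of the software
    return {
        # Weak: every install trusts the same key, so the token is valid everywhere.
        "embedded_key_token_accepted_everywhere": verify(shared, EMBEDDED_KEY) == claims,
        # Hardened: a token made with the embedded key fails at a keyed site.
        "embedded_key_token_rejected": verify(shared, site_a) is None,
        "site_a_token_rejected_at_site_b": verify(sign(claims, site_a), site_b) is None,
        "site_a_token_accepted_at_site_a": verify(sign(claims, site_a), site_a) == claims,
    }
```

With a per-installation key, learning the key of one deployment gives no standing on any other, and rotating it invalidates previously issued tokens.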
## Exploitation
- **Status:** PoC available (Based on CVSS Exploit Code Maturity "P")
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Full access to production and logistics data)
- **Integrity:** High (Ability to modify application settings and position data)
- **Availability:** High (Potential to disrupt production and logistics processes)
## Remediation
### Patches
Siemens recommends updating all affected installations to **V4.3 or later**. The update is available via the Siemens Online Software Delivery (OSD) platform.
Affected product lines requiring the update include:
- Location Intelligence Perpetual (Small, Medium, Large, Non-Prod)
- Location Intelligence SUS (Small, Medium, Large, Non-Prod)
### Workarounds
No specific software workarounds are provided. Siemens recommends the following general mitigations:
- Protect network access to devices with appropriate firewalls and segmentation.
- Follow the Siemens operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Monitor for unauthorized administrative logins or unusual configuration changes within the Location Intelligence web interface.
- **Detection methods and tools:** Audit application logs for suspicious HMAC-based authentication requests originating from unexpected IP addresses. Utilize network intrusion detection systems (IDS) to monitor traffic to the Location Intelligence application port.
## References
- **Vendor Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-580228.html
- **Siemens Industrial Security Guidelines:** hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hxxps://www.siemens[.]com/cert/advisories