CVE-2023-33919

Vulnerability updated 4 months ago (2024-11-29T14:00:34.829Z)
CVE-2023-33919 is a significant vulnerability in the Siemens SICAM WEB interface, classified as an authenticated command injection flaw. Because the server does not adequately sanitize input, any user with access to the interface can execute arbitrary commands as the "root" user on the device. The vulnerability is triggered by supplying malicious parameter values and then starting an Ethernet packet capture: the payload is placed in the "LAN port group" field of the "Capture configuration" section, reached from the SICAM WEB page "Monitoring & Simulation" -> "Ethernet Packet Capture". Other fields may also be affected.

Siemens published an advisory for this vulnerability on June 13, 2023, together with advisories for two other vulnerabilities (CVE-2023-33920 and CVE-2023-33921). This followed an earlier advisory, released on April 11, 2023, for an unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2023-28489). All of these vulnerabilities are serious, as each could allow unauthorized access to and control over affected systems. On June 21, 2023, Siemens provided additional feedback on the content of the advisory, likely including mitigation strategies and patches for the identified vulnerabilities.

All users of the Siemens SICAM WEB interface should apply these updates promptly to protect their systems from exploitation. These vulnerabilities underscore the importance of robust security practices, including regular system updates, strong password policies, and comprehensive input validation.
Description last updated: 2024-05-05T07:33:59.508Z
Aliases: none currently tracked