SafeLogic Designer vulnerabilities
BOSCH-SA-463993
Advisory Information
- Advisory ID: BOSCH-SA-463993
- CVE Numbers and CVSS v3.1 Scores:
- CVE-2022-27579
- Base Score: 7.8 (High)
- CVE-2022-27580
- Base Score: 7.8 (High)
- Published: 11 Aug 2022
- Last Updated: 11 Aug 2022
Summary
The SafeLogic Designer from Bosch Rexroth contains technology from SICK AG. SICK AG has published a security bulletin regarding a deserialization vulnerability in a .NET Framework class used by the affected designer software. [1]
A deserialization vulnerability in a .NET Framework class that SafeLogic Designer uses without properly checking its input allows an attacker to craft malicious project files. When such a file is opened or imported in SafeLogic Designer, arbitrary code is executed with the privileges of the current user. This compromises confidentiality, integrity and availability.
For the attack to succeed, a user must manually open or import a malicious project file.
All versions of SafeLogic Designer prior to 1.8.0.763_SP1 are affected by the vulnerability.
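The mechanism behind this class of vulnerability, shown as an added illustration rather than SafeLogic Designer's or SICK's own code: the advisory does not name the affected .NET class, so BinaryFormatter, the ProjectFile model, the NotAProject stand-in for an attacker-chosen type and the ProjectOnlyBinder are all assumptions chosen to demonstrate the pattern on .NET Framework 4.x. The unchecked loader lets the formatter instantiate whatever type the file names, and deserialization callbacks run before the caller's cast is ever reached; the hardened loader resolves every type through an allow-list binder and rejects anything that is not the expected project model.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical project model standing in for a designer's project file contents.
[Serializable]
public sealed class ProjectFile
{
    public string Name;
    public int Version;
}

// Stands in for an attacker-chosen type named inside a crafted file. Real
// gadget chains do far worse; here the deserialization callback only records
// that code ran before the caller's cast to ProjectFile was reached.
[Serializable]
public sealed class NotAProject
{
    public static bool CallbackRan;

    [OnDeserialized]
    private void OnDeserialized(StreamingContext context)
    {
        CallbackRan = true;
    }
}

public static class ProjectLoader
{
    // Vulnerable pattern: BinaryFormatter instantiates whatever types the
    // stream names. The cast happens only after the whole object graph,
    // callbacks included, has been constructed.
    public static ProjectFile LoadUnchecked(string path)
    {
        using (var fs = File.OpenRead(path))
        {
            return (ProjectFile)new BinaryFormatter().Deserialize(fs);
        }
    }

    // Allow-list binder: every class record in the stream is resolved through
    // BindToType, so any type other than the expected model is rejected before
    // the formatter creates an instance of it. Throwing matters: returning null
    // would fall back to the formatter's default type resolution.
    private sealed class ProjectOnlyBinder : SerializationBinder
    {
        public override Type BindToType(string assemblyName, string typeName)
        {
            if (typeName == typeof(ProjectFile).FullName)
            {
                return typeof(ProjectFile);
            }
            throw new SerializationException(
                "Refusing to deserialize unexpected type '" + typeName +
                "' from assembly '" + assemblyName + "'");
        }
    }

    public static ProjectFile LoadWithBinder(string path)
    {
        using (var fs = File.OpenRead(path))
        {
            var formatter = new BinaryFormatter { Binder = new ProjectOnlyBinder() };
            return (ProjectFile)formatter.Deserialize(fs);
        }
    }

    public static void Main()
    {
        // Constructed inputs: one legitimate project file and one file whose
        // serialized type is not the project model.
        string good = Path.GetTempFileName();
        string bad = Path.GetTempFileName();
        try
        {
            using (var fs = File.Create(good))
            {
                new BinaryFormatter().Serialize(fs, new ProjectFile { Name = "demo", Version = 1 });
            }
            using (var fs = File.Create(bad))
            {
                new BinaryFormatter().Serialize(fs, new NotAProject());
            }

            Console.WriteLine("binder, legitimate file: " + LoadWithBinder(good).Name);

            try { LoadUnchecked(bad); }
            catch (InvalidCastException) { }
            Console.WriteLine("unchecked, crafted file: callback ran = " + NotAProject.CallbackRan);

            NotAProject.CallbackRan = false;
            try { LoadWithBinder(bad); }
            catch (SerializationException e) { Console.WriteLine("binder, crafted file: " + e.Message); }
            Console.WriteLine("binder, crafted file: callback ran = " + NotAProject.CallbackRan);
        }
        finally
        {
            File.Delete(good);
            File.Delete(bad);
        }
    }
}
```

Two caveats when applying this to a real project format. Every type reachable from the model (collections, nested classes) must be added to the allow-list, or legitimate files stop loading. And a restrictive binder reduces exposure but does not make BinaryFormatter safe; Microsoft's current guidance is to stop using it for any untrusted input and move to a serializer that does not let the data choose the types, which is why the advisory's primary solution is the vendor update, with "only open files from trusted sources" and a non-privileged account as interim mitigations.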
Affected Products
- Bosch Rexroth AG SafeLogic Designer < 1.8.0.763_SP1
Solution and Mitigations
Solution
The recommended solution is to update SafeLogic Designer to the latest version as soon as possible.
Mitigation
If you cannot update to an unaffected version, please make sure that you:
- Only open/import project files from trusted sources
- Do not run SafeLogic Designer under a Windows account with elevated privileges
Compensatory Measures
Compensatory measures that mitigate the risk are recommended. Always define such measures individually, in the context of the operational environment. Some measures, for example network segmentation, are described in the “Security Guideline Electric Drives and Controls”. In general, it is mandatory to implement the measures described in the “Security Guideline Electric Drives and Controls”. [2]
Vulnerability Details
CVE-2022-27579
CVE description: A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file.
- Problem Type:
- CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Base Score: 7.8 (High)
CVE-2022-27580
CVE description: A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer in all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file.
- Problem Type:
- CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Base Score: 7.8 (High)
Remarks
Security Update Information
With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:
It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.
Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.
CVSS Scoring
Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
Additional Resources
- [1] SICK Advisory SCA-2022-0010: https://www.sick.com/medias/sca-2022-0010.pdf?context=bWFzdGVyfGNvbnRlbnR8OTU3OTh8YXBwbGljYXRpb24vcGRmfGNvbnRlbnQvaDI2L2g5My8xMjgzMTU0NDU0MTIxNC5wZGZ8ZDJmZGZkOGQ3NzFlYTNiODA3NDUxMWJiOTkyNjhiYTExMmZlN2E2ZjJiNWJlODk0N2I4NmFmODFkOWI3YTc1OQ
- [2] Bosch Rexroth Security Guideline Electric Drives and Controls: https://www.boschrexroth.com/various/utilities/mediadirectory/download/index.jsp?object_nr=R911342562
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.
Revision History
- 11 Aug 2022: Initial Publication