PatchSiren cyber security CVE debrief

CVE-2023-3817 OpenSSL CVE debrief

CVE-2023-3817 is a Denial of Service (DoS) vulnerability in OpenSSL's Diffie-Hellman (DH) parameter validation functions. The issue stems from the `DH_check()`, `DH_check_ex()`, and `EVP_PKEY_param_check()` functions performing computationally expensive checks when presented with DH keys or parameters containing an excessively large `q` parameter value. Following the remediation of CVE-2023-3446, it was discovered that a large `q` value can trigger prolonged computation during validation checks. Since a mathematically correct `q` cannot exceed the modulus `p` parameter, these checks are unnecessary when `q` is larger than `p`. Applications that validate DH keys or parameters from untrusted sources are vulnerable to DoS attacks through resource exhaustion. The vulnerability also affects OpenSSL command-line utilities `dhparam` and `pkeyparam` when using the `-check` option. Notably, the OpenSSL SSL/TLS implementation and the OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Siemens SINEC INS is identified as an affected product, with a vendor fix available.

Vendor: OpenSSL
Product: SINEC INS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2024-03-12
Advisory published: 2024-02-13
Advisory updated: 2024-03-12

Who should care

Organizations operating Siemens SINEC INS industrial network management systems, developers of applications using OpenSSL for DH parameter validation, operators of services that process externally-provided cryptographic parameters, and security teams responsible for industrial control system infrastructure should prioritize assessment and remediation.

Technical summary

The vulnerability exists in OpenSSL's DH parameter validation logic where the `DH_check()` function and its variants perform unnecessary and computationally expensive checks when the `q` parameter exceeds the modulus `p`. This occurs because the validation routines do not short-circuit checks that are mathematically impossible to satisfy. The affected code paths include `DH_check()`, `DH_check_ex()`, `EVP_PKEY_param_check()`, and downstream consumers including `dhparam` and `pkeyparam` utilities with the `-check` flag. The root cause is a missing bounds check that would skip validation when `q > p`, which is always invalid for correct DH parameters. Attackers can exploit this by supplying crafted DH parameters with artificially inflated `q` values to applications that perform validation on untrusted input, causing excessive CPU consumption and service degradation.

Defensive priority

medium

Recommended defensive actions

Apply vendor-provided updates: Siemens SINEC INS users should update to V1.0 SP2 Update 3 or later version
Review applications utilizing OpenSSL DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions for validation of externally-sourced DH parameters
Implement input validation to reject DH parameters with q values exceeding the modulus p before passing to OpenSSL validation functions
Monitor for anomalous resource consumption patterns in services performing cryptographic parameter validation
Assess exposure of command-line utilities dhparam and pkeyparam with -check option to untrusted input sources
Consider network segmentation to limit exposure of affected services to untrusted networks
Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control systems

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-319-08, which references Siemens security advisory SSA-915275. The issue was discovered as a follow-up to CVE-2023-3446 remediation. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, with low availability impact.

Official resources

2024-11-12