PatchSiren cyber security CVE debrief
CVE-2023-50868 Siemens CVE debrief
CVE-2023-50868 is a HIGH severity (CVSS 7.5) denial-of-service vulnerability affecting Siemens SINEC INS. The issue stems from the Closest Encloser Proof mechanism in DNSSEC NSEC3 (RFC 5155) when RFC 9276 guidance is not followed. Remote attackers can exploit this via DNSSEC responses in a random subdomain attack, forcing the target to perform thousands of SHA-1 hash iterations and causing excessive CPU consumption. The vulnerability was published on November 12, 2024, with Siemens providing a vendor fix in V1.0 SP2 Update 3 or later. This is not a KEV-listed vulnerability and has no known ransomware campaign use.
- Vendor
- Siemens
- Product
- SINEC INS
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2024-11-12
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Organizations running Siemens SINEC INS for industrial network management, OT security teams managing DNSSEC infrastructure, and defenders responsible for DNS availability in industrial control environments.
Technical summary
The vulnerability exists in the DNS protocol's NSEC3 implementation when RFC 9276 guidance is skipped. The Closest Encloser Proof algorithm in RFC 5155 requires iterative hash computations that can be exploited through malicious DNSSEC responses. Attackers using random subdomain attacks can force targets to perform thousands of SHA-1 iterations, resulting in CPU exhaustion and denial of service. This affects Siemens SINEC INS industrial network management software.
Defensive priority
HIGH
Recommended defensive actions
- Update Siemens SINEC INS to V1.0 SP2 Update 3 or later version per vendor guidance
- Monitor DNS query patterns for signs of random subdomain attacks targeting DNSSEC infrastructure
- Apply network segmentation for industrial control systems per CISA ICS recommended practices
- Review DNSSEC configuration to ensure RFC 9276 guidance is implemented where applicable
Evidence notes
CVE published 2024-11-12. CISA CSAF advisory ICSA-24-319-08 confirms Siemens SINEC INS affected. Vendor fix available in V1.0 SP2 Update 3.
Official resources
-
CVE-2023-50868 CVE record
CVE.org
-
CVE-2023-50868 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-12