OTPulse

Siemens COMOS Database Privilege Escalation Vulnerability

Low Risk · ICS-CERT ICSA-12-227-01 · May 18, 2012
Summary

Siemens COMOS contains a privilege escalation vulnerability in the database layer that allows users with limited database access to escalate to administrative privileges. An attacker with local access to a COMOS workstation or valid database credentials could exploit insufficient privilege controls to gain unauthorized administrative access to the engineering database, potentially enabling unauthorized modifications to process designs and configuration.

What this means
What could happen
A user with local or database access to COMOS could escalate privileges to perform unauthorized administrative actions, potentially allowing them to modify process designs, safety parameters, or disable critical process controls.
Who's at risk
Engineering teams using Siemens COMOS for plant design, process configuration, and asset management. This affects utilities with COMOS-based process design systems, particularly those managing refining, chemical, power generation, or water treatment facilities where unauthorized process changes could impact safety and operations.
How it could be exploited
An attacker with local access to a COMOS workstation or valid database credentials could exploit insufficient privilege controls in the database layer to gain administrative-level access. This could allow modification of engineering data without proper authorization logging.
Prerequisites
  • Local access to a COMOS engineering workstation or database server
  • Valid database user credentials (non-administrator account)
  • Access to the COMOS database interface

No patch available · Affects engineering systems with access to critical process parameters · Privilege escalation vulnerability
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4), all end of life (EOL)

Product       | Affected Versions     | Fix Status
COMOS: <9.1   | <9.1                  | No fix (EOL)
COMOS         | ≤ Patch 412           | No fix (EOL)
COMOS         | ≤ Update 3 Patch 022  | No fix (EOL)
COMOS         | ≤ Patch 004           | No fix (EOL)
Remediation & Mitigation
Do now

COMOS
  • Hardening: Restrict local and database access to COMOS workstations and servers to authorized engineering personnel only
  • Hardening: Implement role-based access controls (RBAC) in the COMOS database with least-privilege user accounts

All products
  • Hardening: Enable and monitor all database audit logs for unauthorized privilege escalation attempts

Mitigations - no patch available

The four affected COMOS product entries listed above have reached End of Life with no planned fix. Apply the following compensating controls:
  • Hardening: Implement network segmentation to isolate COMOS engineering workstations and database servers from the general corporate network
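The "monitor all database audit logs for unauthorized privilege escalation attempts" control above is easier to operate with a concrete rule set. The script below is an added example, not part of this advisory and not Siemens or OTPulse code: it parses a constructed key=value audit line format (COMOS's underlying database engine is not named here, so the format, the role names COMOS_ADMIN/DB_OWNER/SYSADMIN, the DBA account dba_change and the user names are all assumptions) and flags three patterns a defender cares about for this class of bug: an administrative role granted by an account that is not a change-managed DBA, a principal granting a privilege to itself, and a denied attempt to change admin role membership.

```python
"""Flag privilege-escalation indicators in database audit records.

Added, hypothetical example: the audit line format, role names, the
DBA account name and the user names are constructed for illustration.
They are not COMOS's own audit format or role model.
"""
import re
from dataclasses import dataclass

# Constructed key=value audit format. Real engines (Oracle, SQL Server, ...)
# each have their own, so this regex is the piece you would replace.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+actor=(?P<actor>\S+)\s+action=(?P<action>\S+)"
    r"\s+object=(?P<object>\S+)\s+target=(?P<target>\S+)\s+ok=(?P<ok>\d)$"
)

# Assumed: roles whose membership confers administrative control.
ADMIN_ROLES = {"COMOS_ADMIN", "DB_OWNER", "SYSADMIN"}
# Assumed: the only accounts allowed to alter privileges (change-managed DBAs).
PRIVILEGE_ADMINS = {"dba_change"}
# Actions that change who holds which privilege.
PRIV_ACTIONS = {"GRANT", "ALTER_ROLE", "ADD_MEMBER", "ALTER_USER"}

# Constructed sample audit lines covering the cases the rules distinguish.
SAMPLE_AUDIT = """\
2012-05-18T08:01:12Z actor=dba_change action=GRANT object=ROLE:COMOS_ENGINEER target=eng_alice ok=1
2012-05-18T08:14:03Z actor=eng_bob action=SELECT object=TABLE:PROJECTS target=- ok=1
2012-05-18T09:30:44Z actor=eng_bob action=GRANT object=ROLE:COMOS_ADMIN target=eng_bob ok=0
2012-05-18T09:31:10Z actor=eng_bob action=ADD_MEMBER object=ROLE:COMOS_ADMIN target=eng_bob ok=1
2012-05-18T10:02:55Z actor=dba_change action=ADD_MEMBER object=ROLE:COMOS_ADMIN target=dba_change ok=1
""".splitlines()


@dataclass(frozen=True)
class Finding:
    ts: str
    actor: str
    target: str
    reason: str


def parse(line):
    """Return the audit record as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_escalations(lines):
    """Return one Finding per suspicious privilege change, in log order."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] not in PRIV_ACTIONS:
            continue  # malformed, or not a privilege-changing action
        role = rec["object"].split(":", 1)[-1]  # "ROLE:COMOS_ADMIN" -> "COMOS_ADMIN"
        actor, target = rec["actor"], rec["target"]
        reasons = []
        if rec["ok"] == "0":
            # A refused change is still worth a ticket when an admin role is involved.
            if role in ADMIN_ROLES:
                reasons.append("denied attempt to change admin role membership")
        else:
            if role in ADMIN_ROLES and actor not in PRIVILEGE_ADMINS:
                reasons.append("admin role granted by non-DBA actor")
            if actor == target:
                reasons.append("self-granted privilege")
        for reason in reasons:
            findings.append(Finding(rec["ts"], actor, target, reason))
    return findings


if __name__ == "__main__":
    for f in find_escalations(SAMPLE_AUDIT):
        print(f"{f.ts} {f.actor} -> {f.target}: {f.reason}")
```

The self-grant rule deliberately fires even for the DBA account: a DBA adding itself to an admin role outside a change window is exactly the event the "authorization logging" concern in the advisory points at, and whitelisting it would hide the case where DBA credentials have been taken over.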
API: /api/v1/advisories/c9899962-54a0-45f9-a7e2-4c4dea376c0d