Siemens COMOS Permissions, Privileges, and Access Controls
Risk: Low
Source: ICS-CERT ICSA-13-169-03
Date: Mar 21, 2013
Summary
Siemens COMOS 9.2 and 10.0 contain improper permissions and access control vulnerabilities (CWE-250) that could allow a user to escalate privileges and gain unauthorized access to sensitive engineering functionality. The vulnerability is present in versions before 9.2.0.6.10 (COMOS 9.2) and before 10.0.3.0.4 (COMOS 10.0). No vendor patches are available for these affected versions.
What this means
What could happen
An attacker with local access to a COMOS workstation could gain elevated privileges to modify process designs, control logic, or configuration data, potentially allowing them to alter how the plant operates.
Who's at risk
Engineering and process automation teams at utilities and manufacturing facilities using Siemens COMOS 9.2 or 10.0 for plant design, configuration, and control logic development should be aware of this privilege escalation risk.
How it could be exploited
An attacker with local or network access to a COMOS workstation could exploit improper permission controls to escalate privileges and access sensitive engineering data or modify control logic without proper authorization.
Prerequisites
- Local or network access to a COMOS 9.2 or 10.0 workstation
- User account on the COMOS system (may not require elevated credentials)
- No patch available
- Privilege escalation vulnerability
- Affects engineering workstations
- Requires local or internal network access
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
Both affected products are end of life (EOL).
COMOS 9.2
- Affected versions: < v092_Upd06_Patch010_9.2.0.6.10 (before 9.2.0.6.10)
- Fix status: No fix (EOL)
COMOS 10.0
- Affected versions: < V100_SP03_Patch004_10.0.3.0.4 (before 10.0.3.0.4)
- Fix status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to COMOS workstations using firewalls or network segmentation; limit access to authorized engineering personnel only.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: COMOS 9.2 (< v092_Upd06_Patch010_9.2.0.6.10) and COMOS 10.0 (< V100_SP03_Patch004_10.0.3.0.4). Apply the following compensating controls:
- HARDENING: Implement strict access controls and role-based permissions within COMOS to limit user abilities to only necessary functions.
- HARDENING: Monitor and audit user activities and privilege escalations on COMOS systems.
- HARDENING: Enforce strong password policies and multi-factor authentication for COMOS user accounts.
CVEs (1)