Siemens COMOS Privilege Escalation Vulnerability
Risk rating: Low
Advisory: ICS-CERT ICSA-13-233-01
Published: May 24, 2013
Summary
A privilege escalation vulnerability exists in Siemens COMOS that allows an authenticated user with standard privileges to elevate their access rights within the application, bypassing its authorization controls. Affected are all COMOS versions prior to 9.1, version 9.1 prior to LyraUpdate458_Update_458, version 9.2 prior to V092_Upd06_Patch037_9.2.0.6.37, and version 10.0 prior to V100_SP03_Patch019_10.0.3.0.19. The named updates mark the end of the affected range for 9.1, 9.2 and 10.0; versions prior to 9.1 have no fixed release, and all four product lines are now end of life, so no further vendor patches are planned.
What this means
What could happen
An authenticated user with standard privileges on a COMOS workstation could exploit this vulnerability to gain elevated rights within COMOS, allowing them to modify process configurations, engineering data, or plant models that the application's authorization checks would otherwise deny them.
Who's at risk
This vulnerability affects organizations using Siemens COMOS for process plant engineering and management, particularly those relying on COMOS in chemical, pharmaceutical, oil & gas, or utilities operations. It impacts versions prior to 9.1 (including 9.0) as well as 9.1, 9.2, and 10.0, and therefore the engineers and operators who use COMOS workstations for plant configuration and model management.
How it could be exploited
An attacker holding valid credentials and local (or remote desktop) access to a COMOS engineering workstation could use the flaw to raise a standard COMOS user account to administrator-level rights inside the application, bypassing its authorization controls. An existing account is required; the flaw is not reachable by an unauthenticated network attacker.
Prerequisites
- Valid user credentials on a COMOS workstation
- Local access to or remote desktop connection to the engineering workstation
- COMOS application running on the affected version
Tags: requires valid user credentials; local or local network access required; affects engineering workstations, not production controllers; no patch available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4), all end of life

Product       Affected versions                          Fix status
COMOS         all versions prior to 9.1                  No fix (EOL)
COMOS 9.1     prior to LyraUpdate458_Update_458          No fix (EOL)
COMOS 9.2     prior to V092_Upd06_Patch037_9.2.0.6.37    No fix (EOL)
COMOS 10.0    prior to V100_SP03_Patch019_10.0.3.0.19    No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict logical and physical access to COMOS engineering workstations to authorized personnel only
- HARDENING: Implement strong access controls and user account management on COMOS systems to limit standard user privileges
Schedule (requires maintenance window)
Note: patching may require a device reboot; plan for process interruption.
- HARDENING: Monitor and audit user activity on COMOS workstations for unauthorized privilege escalation attempts
Mitigations (no patch available)
The following products have reached end of life with no planned fix: COMOS prior to 9.1, COMOS 9.1 prior to LyraUpdate458_Update_458, COMOS 9.2 prior to V092_Upd06_Patch037_9.2.0.6.37, COMOS 10.0 prior to V100_SP03_Patch019_10.0.3.0.19. Apply the following compensating controls:
- HARDENING: Segment COMOS engineering networks from production OT networks using firewalls, or an air gap where feasible
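A minimal check for the account-management and monitoring steps above, as an added example that is not part of the advisory, of ICS-CERT's guidance, or of any Siemens tooling. It reads Windows Security audit events from a COMOS engineering workstation (event 4732, a member added to a security-enabled local group, and event 4672, special privileges assigned to a new logon) and reports any account that gains workstation-level rights without being on a site-maintained allowlist. The allowlist, the group names, and the simplified JSON-line export format with its field names are assumptions, and every event record is constructed; a real export would come from Get-WinEvent or a SIEM forwarder and use the raw event's own field names. This only catches operating-system level privilege changes on the workstation, which the advisory's hardening steps aim to restrict; it cannot see a privilege change that happens inside the COMOS application itself.

```python
"""Flag unapproved privilege changes on a COMOS engineering workstation.

Added example, not from the advisory or from Siemens: scans a JSON-lines
export of Windows Security audit events and reports accounts that were
added to a privileged local group (4732) or logged on with special
privileges (4672) without being on the approved-administrator allowlist.
"""
import json

# Assumption: accounts expected to hold admin rights on the engineering
# workstation. Maintain this per site; it is not a vendor-supplied list.
APPROVED_ADMINS = {r"PLANT\comos_svc", r"PLANT\eng_admin"}

# Local groups whose membership grants control of the workstation.
PRIVILEGED_GROUPS = {"Administrators", "Remote Desktop Users"}

# Constructed sample export (simplified field names, not raw event XML).
# Line 2 adds a standard user to Administrators; line 5 shows that user
# logging on with special privileges; the last line is a malformed record.
SAMPLE_EVENTS = r"""
{"TimeCreated": "2013-05-24T08:01:12Z", "EventID": 4624, "Subject": "PLANT\\jdoe", "LogonType": 2}
{"TimeCreated": "2013-05-24T08:03:40Z", "EventID": 4732, "Subject": "PLANT\\eng_admin", "Group": "Administrators", "Member": "PLANT\\jdoe"}
{"TimeCreated": "2013-05-24T08:05:02Z", "EventID": 4732, "Subject": "PLANT\\eng_admin", "Group": "Administrators", "Member": "PLANT\\comos_svc"}
{"TimeCreated": "2013-05-24T08:06:15Z", "EventID": 4672, "Subject": "PLANT\\comos_svc"}
{"TimeCreated": "2013-05-24T08:07:30Z", "EventID": 4672, "Subject": "PLANT\\jdoe"}
not json at all
"""


def parse_events(lines):
    """Parse JSON-lines records; return (events, malformed_line_count)."""
    events, bad = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1  # keep scanning; a broken export line is itself worth reporting
    return events, bad


def find_escalations(events):
    """Return findings for privilege changes involving unapproved accounts."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 4732 and ev.get("Group") in PRIVILEGED_GROUPS:
            member = ev.get("Member", "")
            if member not in APPROVED_ADMINS:
                findings.append({
                    "time": ev.get("TimeCreated"),
                    "rule": "unapproved-member-added-to-privileged-group",
                    "account": member,
                    "group": ev["Group"],
                    "by": ev.get("Subject"),
                })
        elif eid == 4672:
            subject = ev.get("Subject", "")
            if subject not in APPROVED_ADMINS:
                findings.append({
                    "time": ev.get("TimeCreated"),
                    "rule": "special-privileges-for-unapproved-account",
                    "account": subject,
                    "group": None,
                    "by": subject,
                })
    return findings


def audit_sample():
    """Run the check over the constructed sample and return the findings."""
    events, _bad = parse_events(SAMPLE_EVENTS.splitlines())
    return find_escalations(events)


if __name__ == "__main__":
    events, bad = parse_events(SAMPLE_EVENTS.splitlines())
    for f in find_escalations(events):
        print(f"{f['time']} {f['rule']}: account={f['account']} "
              f"group={f['group']} by={f['by']}")
    if bad:
        print(f"{bad} malformed export line(s) skipped")
```

On the constructed sample the check reports two findings: the standard user added to Administrators by an approved administrator (an authorized change that still leaves a non-allowlisted account with admin rights, which is exactly what the hardening step asks you to prevent) and that same user's subsequent privileged logon. The service account's group addition and logon are silent because they are on the allowlist. Run it against a real export only after mapping the exporter's field names to the ones assumed here.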
CVEs (1)
API:
/api/v1/advisories/574f4fd4-df88-4e63-ad11-9b6c6f2ffd6a