Siemens COMOS Privilege Escalation
Low Risk | ICS-CERT ICSA-13-347-01 | Sep 15, 2013
Summary
Siemens COMOS contains a privilege escalation vulnerability that allows a local attacker with user-level access to gain elevated privileges and control of the application.
What this means
What could happen
An attacker with local access to a COMOS workstation could escalate from a standard user account to administrative level within the application, gaining full control over the process engineering data COMOS holds. Because that data feeds plant design and automation projects, an attacker could alter plant configurations, process logic, or operating parameters from inside the engineering toolchain.
Who's at risk
Process engineering teams and plant configuration managers using Siemens COMOS 9.2, 10.0, or 10.1 for plant design, engineering, and automation project management; in practice, any organization that relies on COMOS for plant engineering and process documentation.
How it could be exploited
An attacker with a standard user account on a COMOS engineering workstation exploits a privilege escalation flaw to execute code with administrative rights, enabling unauthorized modification of process designs, documentation, or system settings.
Prerequisites
- Local access to a COMOS engineering workstation
- Valid non-administrative user credentials on the COMOS system
- COMOS versions 9.2, 10.0, or 10.1 running
- Local exploitation required
- Requires valid user credentials
- Privilege escalation to administrative level
- Affects engineering and configuration systems
Exploitability
Low exploit probability (EPSS 0.1%). EPSS estimates the likelihood of exploitation in the wild; it says nothing about impact, and a local escalation is most relevant where an attacker or insider already holds a user account on an engineering workstation.
Affected products (4): 3 with fix, 1 pending

Product      | Affected Versions   | Fix Status
COMOS        | < 9.2               | No fix yet
COMOS 9.2    | < 9.2.0.8.1         | V092_Upd08_Patch001 (9.2.0.8.1)
COMOS 10.0   | < 10.0.3.1.40       | V100_SP03_Upd01_Patch040 (10.0.3.1.40)
COMOS 10.1   | < 10.1.0.0.2        | V101_Patch002 (10.1.0.0.2)
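The fixed builds above are per release line, and COMOS build numbers have five components, so a naive string comparison ranks 10.0.3.1.5 above 10.0.3.1.40 and would report a vulnerable workstation as patched. The following Python script is an added example (not part of the advisory or of Siemens' tooling) that classifies installed builds against the table. The fixed-version tuples are copied from the table; the hostnames and installed builds in the sample inventory are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Release line (major, minor) -> first fixed build, copied from the advisory's
# affected-products table. Anything older than the 9.2 line has no fix listed.
FIXED_BUILDS: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (9, 2): (9, 2, 0, 8, 1),      # V092_Upd08_Patch001
    (10, 0): (10, 0, 3, 1, 40),   # V100_SP03_Upd01_Patch040
    (10, 1): (10, 1, 0, 0, 2),    # V101_Patch002
}
OLDEST_LINE_WITH_FIX = (9, 2)
WIDTH = 5  # COMOS build numbers have five components

# Matches the dotted build number at the end of a string, so patch identifiers
# such as 'V100_SP03_Upd01_Patch040_10.0.3.1.40' are accepted as well.
_TRAILING_VERSION = re.compile(r"(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the build as a zero-padded 5-tuple of ints.

    Integer tuples compare component-wise, so (10,0,3,1,40) > (10,0,3,1,5);
    comparing the raw strings '10.0.3.1.40' < '10.0.3.1.5' gets this wrong.
    """
    m = _TRAILING_VERSION.search(text.strip())
    if not m:
        raise ValueError(f"no build number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    if len(parts) > WIDTH:
        raise ValueError(f"too many components in {text!r}")
    return tuple(parts + [0] * (WIDTH - len(parts)))


def fix_status(installed: str) -> str:
    """Classify one build: 'fixed', 'affected', 'no fix available' or 'not listed'."""
    build = parse_version(installed)
    line = build[:2]
    if line < OLDEST_LINE_WITH_FIX:
        return "no fix available"   # the table lists no patch for < 9.2
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        return "not listed"         # release line not covered by the advisory
    return "fixed" if build >= fixed else "affected"


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a {hostname: installed build} inventory."""
    return {host: fix_status(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are illustrative only.
    sample = {
        "eng-ws-01": "9.2.0.8.0",
        "eng-ws-02": "V092_Upd08_Patch001_9.2.0.8.1",
        "eng-ws-03": "10.0.3.1.5",
        "eng-ws-04": "10.1.0.0.2",
        "eng-ws-05": "9.1.0.0.0",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```

Feed it the build strings collected from each engineering workstation (for example from the installed-programs inventory) and act on every host that is not reported as "fixed"; a "not listed" result means the release line is outside the advisory's scope and should be checked against the vendor's current guidance rather than assumed safe.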
Remediation & Mitigation
Do now
- HARDENING: Restrict interactive access to COMOS workstations to authorized engineering personnel through OS-level access controls and group policies; the flaw needs a local account on the workstation, so every unnecessary account removed is an attack path removed.
Schedule (requires maintenance window)
- Patching may require a workstation reboot; plan for engineering downtime.
- HOTFIX: Update COMOS to the patched build for your release line (9.2.0.8.1, 10.0.3.1.40, or 10.1.0.0.2, or later). No fix is listed for releases older than 9.2; those installations need to be migrated to a supported release line.
Long-term hardening
- HARDENING: Enforce strong password policies and multi-factor authentication for COMOS user accounts. This limits abuse of stolen or shared credentials; it does not stop a legitimate low-privilege user from exploiting the flaw, so it complements the patch rather than replacing it.
- HARDENING: Monitor COMOS logs for unexpected privilege changes, new administrative accounts, and modifications to engineering data outside approved change windows.
CVEs (1)