Siemens XHQ
Monitor · 6.5 · ICS-CERT ICSA-17-173-02 · Jun 22, 2017
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
XHQ contains an access control vulnerability (CWE-284) that allows authenticated users to view sensitive information beyond their assigned permissions. The vulnerability exists in XHQ 4 (all versions before 4.7.1.3) and XHQ 5 (all versions before 5.0.0.2). The flaw enables privilege escalation within the application—users with lower-privilege roles can access data restricted to higher-privilege roles through improper authorization checks.
What this means
What could happen
An attacker with valid XHQ credentials could view sensitive configuration and operational data without authorization, potentially revealing process details, setpoints, or operational logic.
Who's at risk
Operators and engineers using Siemens XHQ for monitoring and control of industrial processes, including wastewater treatment facilities, electric substations, and distributed control systems that rely on XHQ for HMI/SCADA functionality.
How it could be exploited
An attacker with network access to the XHQ interface and valid user credentials could authenticate to the system and access sensitive information that they should not have permission to view based on their assigned role.
Prerequisites
- Network access to XHQ interface (TCP port typically 80 or 443)
- Valid user credentials for XHQ login
- Insufficient role-based access controls in the target XHQ deployment
remotely exploitable · low complexity · requires valid credentials · insufficient access control enforcement
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| XHQ 4: All | < 4.7.1.3 | 4.7.1.3 |
| XHQ 5: All | < 5.0.0.2 | 5.0.0.2 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to XHQ using firewall rules and network segmentation—allow access only from authorized engineering workstations and control networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade XHQ 4 to version 4.7.1.3 or later
- HOTFIX: Upgrade XHQ 5 to version 5.0.0.2 or later
Long-term hardening
- HARDENING: Disable or restrict XHQ access for users who do not require it
- HARDENING: Apply Siemens Operational Guidelines for Industrial Security to your XHQ deployment
CVEs (1)
API:
/api/v1/advisories/886edd63-f47d-49b0-9566-d00f471b3564