ICSA-18-254-03 Siemens TD Keypad Designer
Monitor | 7.3 | ICS-CERT ICSA-18-254-03 | Sep 11, 2018
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
TD Keypad Designer contains a file handling vulnerability (CWE-427) that allows local code execution when a user opens a malicious TD project file. The vulnerability requires local access to an engineering workstation and user interaction to exploit. No public exploits are known, and the vulnerability is not remotely exploitable. Siemens has not released a patch and recommends restricting file permissions and avoiding untrusted project sources.
What this means
What could happen
An attacker with local access to an engineering workstation could execute arbitrary code on that machine by exploiting a file handling flaw in TD Keypad Designer, compromising the integrity of control system project files and potentially affecting downstream HMI/SCADA operations.
Who's at risk
Engineering staff and automation specialists who use Siemens TD Keypad Designer to create or modify HMI keypad projects for Siemens control devices. Any organization deploying HMI interfaces based on TD projects should be aware that malicious project files could compromise the integrity of those interfaces in production.
How it could be exploited
An attacker creates or modifies a malicious TD project file and tricks a local user with insufficient file permissions into opening it. The application fails to properly validate the file contents, allowing the attacker's code to execute with the privileges of the engineering user. This could allow modification of project configurations before they are deployed to HMI devices.
Prerequisites
- Local access to an engineering workstation running TD Keypad Designer
- Social engineering or write access to a directory containing TD project files
- User must be tricked into opening a malicious TD project file
- User interaction required (file open action)
- Local access required (not remotely exploitable)
- User interaction required
- Low complexity attack
- No patch available
- Affects engineering tools used to configure safety-relevant systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
TD Keypad Designer | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict write permissions to directories containing TD Keypad Designer project files to authorized engineering users only
- HARDENING: Establish a policy that engineering staff only open TD projects from trusted, verified sources (e.g., version control, internal repositories)
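One way to check the first hardening item on a Windows engineering workstation, as an added example that is not part of the advisory or of Siemens guidance: the PowerShell script below lists directory ACL entries that grant write-type rights to broad groups. The project path and the choice of groups to flag are assumptions.

```powershell
# Added example: audit TD project directories for write access held by broad groups.
param(
    # Assumed location; the advisory does not name a project directory.
    [string]$ProjectRoot = 'C:\Engineering\TDProjects'
)

# Well-known SIDs of broad groups (locale independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow planting or altering files, plus GENERIC_WRITE and GENERIC_ALL,
# which can appear as raw bits in inherit-only entries.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int]$WriteRights -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $ProjectRoot -PathType Container)) {
    throw "Project directory not found: $ProjectRoot"
}

# Check the root and every subdirectory; files normally inherit from their folder.
$dirs = @($ProjectRoot) + @(Get-ChildItem -LiteralPath $ProjectRoot -Directory -Recurse |
    Select-Object -ExpandProperty FullName)
$findings = @($dirs | ForEach-Object { Get-BroadWriteAce -Path $_ })

if ($findings.Count -eq 0) {
    Write-Output "No broad write access found under $ProjectRoot"
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Entries reported with `Inherited = True` have to be corrected on the parent folder, or inheritance has to be disabled on the project directory before the entry can be removed there.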
Mitigations - no patch available
TD Keypad Designer has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate engineering workstations running TD Keypad Designer from the general business network using network segmentation
- HARDENING: Apply Siemens operational guidelines for Industrial Security to your TD Keypad Designer environment
CVEs (1)