Siemens Polarion Subversion Webclient
Score: 8.1 · ICS-CERT ICSA-20-252-08 · Published: Sep 8, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
All versions of Polarion Subversion Webclient are vulnerable to cross-site scripting (CWE-80) and cross-site request forgery (CWE-352). An attacker can craft a malicious link and trick a user into opening it while logged into the tool; the injected script or forged request then runs in the context of the victim's authenticated session, potentially exposing credentials or session tokens or performing repository actions the user never intended. Siemens has stated the product is no longer supported and will not receive security updates.
What this means
What could happen
An attacker could trick a user into clicking a malicious link within Polarion Subversion Webclient, leading to credential theft or unauthorized access to version control systems and project data. This could compromise engineering designs, build artifacts, and intellectual property stored in Subversion repositories.
Who's at risk
Engineering teams and process operators who use Polarion Subversion Webclient to manage or access design files, control logic, and project documentation. This affects organizations in any sector that rely on Polarion for version control of ICS/OT code, PLCs, and safety system designs, including water utilities, power plants, and manufacturing facilities.
How it could be exploited
An attacker crafts a malicious link and social-engineers a user of Polarion Subversion Webclient into opening it (e.g., via email, chat, or a link embedded in a document). The link either carries script in a parameter that the webclient echoes into the page without neutralising it (reflected cross-site scripting, CWE-80), or points at a state-changing webclient action that the victim's browser submits together with the existing session cookie (cross-site request forgery, CWE-352). In the first case the script runs with the victim's session and can read page content or session tokens and send them elsewhere; in the second the action is carried out as the victim without any further interaction.
Prerequisites
- User must open a link provided by an attacker while actively using Polarion Subversion Webclient
- Attacker must have a way to deliver the link to the user (email, chat, web, etc.)
- The Polarion Subversion Webclient must be reachable from the victim's browser (the attacker does not need direct network access to it)
Remotely exploitable · No authentication required to deliver the attack · Low complexity · No patch available · End-of-life product
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
Polarion Subversion Webclient | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Do not open unknown or untrusted links while logged into Polarion Subversion Webclient
Mitigations - no patch available
Polarion Subversion Webclient (all versions) has reached End of Life and the vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation so that Polarion Subversion Webclient is reachable only from the engineering networks that need it; use firewalls or VPN to limit who can reach the tool. Note that both attacks execute inside an authorised user's browser, so segmentation narrows the set of browsers an attacker can ride on but does not protect a user who is already on the permitted network.
HARDENING: Train users on social engineering and phishing; teach them to verify link sources before clicking and to check URLs in the browser address bar
HARDENING: Disable or retire Polarion Subversion Webclient if possible and migrate to a supported Subversion web interface or an alternative version control system
CVEs (2)