Siemens DIGSI 4

Plan Patch7.8ICS-CERT ICSA-21-040-10Feb 9, 2021

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

DIGSI 4 versions prior to 4.94 SP1 HF 1 contain an improper file permissions vulnerability (CWE-276) that allows local users with standard privileges to escalate to administrative access. An attacker with a local account on the engineering workstation can read restricted files, potentially compromising sensitive configuration data, credentials, and access to connected industrial control systems. This vulnerability requires local access and is not remotely exploitable.

What this means

What could happen

An attacker with local access to a DIGSI 4 workstation could gain elevated privileges and read sensitive files, potentially compromising engineering data or access to connected Siemens industrial systems. This could allow modification of system configurations or extraction of credentials for downstream attacks.

Who's at risk

DIGSI 4 engineering workstations used by Siemens automation specialists and engineers to program and configure PLCs, SCADA systems, and other Siemens industrial devices. This affects utilities, manufacturing, water systems, and power plants that use Siemens SIMATIC automation platforms.

How it could be exploited

An attacker with a local user account on the DIGSI 4 engineering workstation exploits an improper file permissions issue (CWE-276) to escalate privileges to administrative level. With elevated access, the attacker can read files normally restricted to higher privilege levels, including configuration files and credentials for connected PLCs or automation systems.

Prerequisites

Local user account on the DIGSI 4 engineering workstation
Windows operating system with standard user or limited user privileges
Access to the file system where DIGSI 4 is installed

privilege escalationimproper file permissionsaffects engineering workstationscan expose credentials to downstream systemslow complexity exploitation

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

DIGSI 4: All<V4.94 SP1 HF 14.94 SP1 HF 1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local user access to DIGSI 4 workstations; limit accounts with login capability to authorized engineering and IT personnel only

HARDENINGImplement Windows file system access controls to restrict file and folder permissions on the DIGSI 4 installation directory to administrative accounts only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate DIGSI 4 to version 4.94 SP1 HF 1 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations running DIGSI 4 on a protected network segment with restricted access from general IT network

CVEs (1)

CVE-2020-25245

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6da8db08-af84-4b7f-baf1-a074882a36fa