OTPulse

Siemens COMOS

Status: Plan Patch
CVSS: 7.8
ICS-CERT: ICSA-22-069-06
Published: Mar 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

COMOS is affected by multiple vulnerabilities in the embedded Drawings SDK from Open Design Alliance. These vulnerabilities can be triggered when a user opens a specially crafted DGN, DXF, or DWG file. Exploitation could result in information disclosure or remote code execution in the context of the current user's COMOS process. The vulnerabilities are not remotely exploitable; they require user interaction to open a malicious file.

What this means
What could happen
A user who opens a malicious DGN, DXF, or DWG file in COMOS could allow an attacker to read sensitive engineering data or execute arbitrary code on the workstation running COMOS, potentially compromising plant design documents or control system configuration.
Who's at risk
Engineering and operations teams at utilities and manufacturers who use Siemens COMOS for power plant, water facility, or industrial process design and documentation. Anyone responsible for maintaining or reviewing plant design files in COMOS is at risk if exposed to malicious files.
How it could be exploited
An attacker crafts a malicious DGN, DXF, or DWG file and tricks a COMOS user into opening it (via email, file share, or social engineering). When the file is opened, the vulnerable Drawings SDK parses the file and triggers a memory corruption or other vulnerability, allowing code execution or information disclosure in the context of the user's COMOS process.
Prerequisites
  • User must open a malicious file with the COMOS application
  • Attacker must succeed at social engineering or have access to a file share from which COMOS users retrieve design files
Tags:
  • requires user interaction (file open)
  • no authentication required
  • affects engineering/design data confidentiality
  • low complexity to craft malicious file
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product   Affected Versions   Fix Status
COMOS     < V10.4.1           10.4.1
Remediation & Mitigation
Do now
Workaround: Do not open DGN, DXF, or DWG files from untrusted or unknown sources in COMOS
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update COMOS to version 10.4.1 or later
Long-term hardening
Hardening: Implement network segmentation to isolate engineering workstations running COMOS from the business network and Internet