Siemens Xpedition Designer

Plan Patch7.8ICS-CERT ICSA-22-167-11Jun 14, 2022

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Xpedition Designer contains an improper file permissions vulnerability (CWE-732) in its installation directory. An attacker with a local unprivileged account can modify the service executable and gain elevated system privileges. The vulnerability affects versions VX.2.10 (before Update 13), VX.2.11 (before Update 11), VX.2.12 (before Update 5), and VX.2.13 (before Update 1). No known public exploits exist and the vulnerability is not remotely exploitable.

What this means

What could happen

An attacker with a local unprivileged account could modify the Xpedition Designer application executable to gain system administrator privileges, potentially allowing them to alter design data or disrupt the engineering environment that manages critical electrical or water infrastructure designs.

Who's at risk

Engineering teams at water authorities and electric utilities who use Xpedition Designer for power system or water system design and analysis. This affects the design workstations and servers that manage critical infrastructure engineering data. VX.2.10, VX.2.11, VX.2.12, and VX.2.13 versions are affected.

How it could be exploited

An attacker with local access and an unprivileged user account exploits improper file permissions on the Xpedition Designer installation directory. They overwrite the service executable with malicious code, which runs with elevated privileges when the service restarts, giving the attacker administrative control over the application and underlying system.

Prerequisites

Local access to the Xpedition Designer server
Unprivileged user account on the host system
Writable permissions on application installation files and folders (the vulnerability itself)
Service restart or system reboot

Local access requiredLow complexityImproper file permissions (default installation)Privilege escalation to admin

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (4)

1 with fix3 pending

ProductAffected VersionsFix Status

Xpedition Designer VX.2.10<VX.2.10 Update 13No fix yet

Xpedition Designer VX.2.12<VX.2.12 Update 5No fix yet

Xpedition Designer VX.2.13<VX.2.13 Update 1No fix yet

Xpedition Designer VX.2.11<VX.2.11 Update 11VX.2.11_Update_11 or later

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRemove write permissions for all non-administrative users on files and folders under the Xpedition Designer installation path

HARDENINGRestrict local access to the Xpedition Designer application server to authorized engineering personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Xpedition Designer to version VX.2.11_Update_11 or later (for VX.2.11 users) or latest version available for your branch

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate engineering workstations and application servers from general IT network

CVEs (1)

CVE-2022-31465

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d5fcd61f-4928-42f4-a97b-ce2a54b72325