Siemens SCALANCE LPE 4903 and SINUMERIK Edge
Act Now | 7.8 | ICS-CERT ICSA-22-167-16 | Jun 14, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A local privilege escalation vulnerability (CVE-2021-4034) in the polkit pkexec utility affects SCALANCE LPE9403 and SINUMERIK Edge. An unprivileged user can exploit this flaw to gain administrative rights on the affected device. This is a known vulnerability in pkexec that affects systems running vulnerable versions of the utility.
What this means
What could happen
An attacker with local access to a SCALANCE LPE9403 or SINUMERIK Edge device could gain administrative rights, allowing them to modify network settings, access process data, or reconfigure industrial equipment connected to the device.
Who's at risk
Water and electric utilities operating Siemens SCALANCE LPE9403 network switches or SINUMERIK Edge devices in industrial control networks. Any facility using these devices for process monitoring or network management in energy distribution, treatment plants, or manufacturing environments should treat this as a priority.
How it could be exploited
An unprivileged local user runs a specially crafted command using the pkexec utility, which fails to properly validate privilege escalation and executes the command with root (administrative) privileges. This allows the attacker to bypass normal access controls and run arbitrary administrative commands on the device.
Prerequisites
- Local access to the device or shell session (physical or SSH login)
- Unprivileged user account on the affected device
- Vulnerable pkexec utility must be available and setuid bit must be set
- Actively exploited (KEV)
- Local privilege escalation
- Unprivileged user can escalate to root
- High EPSS score (88.3%)
- Affects network management and process control equipment
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SCALANCE LPE9403 | <V2.0 | 2.0 |
| SINUMERIK Edge | <V3.3.0 | 3.3.0 |
Remediation & Mitigation
Do now
SCALANCE LPE9403
HOTFIX: Update SCALANCE LPE9403 to firmware v2.0 or later
SINUMERIK Edge
HOTFIX: Update SINUMERIK Edge to v3.3.0 or later using the product's internal update mechanism
All products
WORKAROUND: If patching cannot be completed immediately, remove SUID permissions from pkexec using 'chmod 0755 /usr/bin/pkexec' on affected devices (note: this may affect processes that depend on pkexec functionality)
HARDENING: Restrict local system access to authorized personnel only and enforce least-privilege account policies
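The prerequisite check and the workaround above can be scripted so the result is verified rather than assumed. This is an added example, not vendor-supplied code; the function names are hypothetical and it assumes a POSIX shell is available on the device.

```shell
#!/bin/sh
# Added example: audit the pkexec setuid bit and apply the advisory's
# 'chmod 0755' workaround with verification. Function names are hypothetical.
# The default path is the one named in the workaround text.

# Print one of: absent | suid | no-suid
pkexec_suid_status() {
    target="${1:-/usr/bin/pkexec}"
    if [ ! -e "$target" ]; then
        echo "absent"            # utility not installed: prerequisite not met
    elif [ -u "$target" ]; then
        echo "suid"              # setuid bit set: exposed until patched
    else
        echo "no-suid"           # workaround already in place
    fi
}

# Apply the workaround only when needed, then confirm the bit is gone.
# Prints: absent | no-suid | mitigated ; returns 1 on failure.
pkexec_apply_workaround() {
    target="${1:-/usr/bin/pkexec}"
    case "$(pkexec_suid_status "$target")" in
        absent)  echo "absent";  return 0 ;;
        no-suid) echo "no-suid"; return 0 ;;
    esac
    chmod 0755 "$target" || { echo "chmod failed on $target" >&2; return 1; }
    # Re-check instead of trusting the exit code of chmod alone.
    if [ -u "$target" ]; then
        echo "setuid bit still set on $target" >&2
        return 1
    fi
    echo "mitigated"
}

# Report-only call; changes nothing on the system.
echo "pkexec status: $(pkexec_suid_status)"
```

Run `pkexec_apply_workaround` as root on the device, and re-run the status check after any firmware or package update, since an update can restore the original file mode.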
Long-term hardening
HARDENING: Configure network access controls and firewalls to limit connections to these devices to authorized management networks only