OTPulse
FeedAboutContact

Siemens PLM Help Server

Monitor6.1ICS-CERT ICSA-22-346-05Dec 13, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens PLM Help Server V4.2 contains a reflected cross-site scripting (XSS) vulnerability in its documentation interface. An attacker could inject malicious JavaScript code into documentation pages. When users view affected pages, the code executes in their browser context, potentially compromising session credentials or redirecting users to malicious sites. This product has reached end of life and will not receive security patches. Siemens recommends migrating to the new Documentation Server product.

What this means
What could happen
An attacker could inject malicious code into documentation pages served by PLM Help Server. If an employee or engineer views a crafted link, the attacker's code could steal their session credentials or redirect them to a phishing site.
Who's at risk
Engineering and operations staff at utilities and manufacturing facilities who rely on Siemens PLM Help Server V4.2 for access to equipment documentation and technical manuals. This affects anyone in roles using the Help Server interface for reference material on industrial systems.
How it could be exploited
An attacker crafts a malicious URL containing JavaScript code and sends it to a user (e.g., via email or chat). When the user clicks the link and the Help Server processes their request, the injected code executes in their browser with their authentication context, allowing credential theft or session hijacking.
Prerequisites
  • User must click a malicious link provided by the attacker
  • PLM Help Server must be accessible to users (internal network or internet-facing)
  • User must be authenticated or have an active session
remotely exploitablelow complexityrequires user interactionend-of-life productno patch available for affected version
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
PLM Help Server V4.2All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDImplement firewall rules to restrict network access to PLM Help Server to authorized engineering and documentation staff only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXMigrate to Siemens Documentation Server (new version) which resolves this vulnerability
Mitigations - no patch available
0/1
PLM Help Server V4.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGFollow Siemens operational guidelines for Industrial Security and implement network segmentation to protect OT documentation systems
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1dcdc54b-9d17-4798-b579-75ef89435458
Siemens PLM Help Server | CVSS 6.1 - OTPulse