OTPulse
FeedAboutContact

Siemens Simcenter STAR-CCM+

Plan Patch7.8ICS-CERT ICSA-22-349-07Dec 13, 2022
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Simcenter STAR-CCM+ contains a local privilege escalation vulnerability in versions prior to 2306. The vulnerability exists because the application's service executable and installation files have overly permissive write permissions, allowing unprivileged local users to overwrite them. An attacker with a regular user account on the system can modify the service executable and gain administrator-level privileges when the service is restarted. This vulnerability is not remotely exploitable and requires local system access.

What this means
What could happen
An unprivileged local user could gain administrator-level access to the Simcenter STAR-CCM+ system, potentially allowing them to modify simulation parameters, access sensitive engineering data, or disrupt computational analysis workflows.
Who's at risk
Engineering and simulation teams using Siemens Simcenter STAR-CCM+ for computational fluid dynamics (CFD) analysis and process modeling. This affects any organization relying on STAR-CCM+ for design validation, thermal analysis, or aerodynamic simulations where loss of integrity or unauthorized modifications could impact design decisions or product releases.
How it could be exploited
An attacker with a local user account on the machine running Simcenter STAR-CCM+ exploits improper file permissions to overwrite the service executable. Upon the next service restart, the malicious executable runs with elevated privileges, giving the attacker administrator access to the application and underlying system.
Prerequisites
  • Local user account on the system running Simcenter STAR-CCM+
  • Simcenter STAR-CCM+ version prior to 2306 installed
  • Write permissions accessible on installation directory files
Local privilege escalationLow complexity attackImproper file permissions default configurationAffects engineering design workflows
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Simcenter STAR-CCM+<V23062306
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRemove write permissions for non-administrative users on all files and folders under the Simcenter STAR-CCM+ installation path
HARDENINGRestrict local account creation and user access to engineering workstations running Simcenter STAR-CCM+ to trusted personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Simcenter STAR-CCM+ to version 2306 or later
Long-term hardening
0/1
HARDENINGPlace Simcenter STAR-CCM+ systems on a network segment isolated from the business network and restrict physical access
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/39b15104-eaa9-4b40-9a36-4301de0f5442