Siemens Simcenter STAR-CCM+

Plan PatchCVSS 7.8ICS-CERT ICSA-22-349-07Dec 13, 2022

Siemens

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Simcenter STAR-CCM+ contains a local privilege escalation vulnerability in versions prior to 2306. The vulnerability exists because the application's service executable and installation files have overly permissive write permissions, allowing unprivileged local users to overwrite them. An attacker with a regular user account on the system can modify the service executable and gain administrator-level privileges when the service is restarted. This vulnerability is not remotely exploitable and requires local system access.

What this means

What could happen

An unprivileged local user could gain administrator-level access to the Simcenter STAR-CCM+ system, potentially allowing them to modify simulation parameters, access sensitive engineering data, or disrupt computational analysis workflows.

Who's at risk

Engineering and simulation teams using Siemens Simcenter STAR-CCM+ for computational fluid dynamics (CFD) analysis and process modeling. This affects any organization relying on STAR-CCM+ for design validation, thermal analysis, or aerodynamic simulations where loss of integrity or unauthorized modifications could impact design decisions or product releases.

How it could be exploited

An attacker with a local user account on the machine running Simcenter STAR-CCM+ exploits improper file permissions to overwrite the service executable. Upon the next service restart, the malicious executable runs with elevated privileges, giving the attacker administrator access to the application and underlying system.

Prerequisites

Local user account on the system running Simcenter STAR-CCM+
Simcenter STAR-CCM+ version prior to 2306 installed
Write permissions accessible on installation directory files

Local privilege escalationLow complexity attackImproper file permissions default configurationAffects engineering design workflows

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Simcenter STAR-CCM+<V23062306

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRemove write permissions for non-administrative users on all files and folders under the Simcenter STAR-CCM+ installation path

HARDENINGRestrict local account creation and user access to engineering workstations running Simcenter STAR-CCM+ to trusted personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Simcenter STAR-CCM+ to version 2306 or later

Long-term hardening

0/1

HARDENINGPlace Simcenter STAR-CCM+ systems on a network segment isolated from the business network and restrict physical access

CVEs (1)

CVE-2022-43517

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/39b15104-eaa9-4b40-9a36-4301de0f5442

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.