​Siemens Software Center
Plan Patch7.8ICS-CERT ICSA-23-222-04Aug 8, 2023
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
Multiple DLL Hijacking vulnerabilities (CWE-427, CWE-22) in Siemens Software Center versions prior to 3.0 allow a local attacker with standard user privileges to execute code with elevated system permissions. The vulnerabilities exist because the application searches for DLL files in directories where an attacker can place a malicious library. Exploitation requires local access to the Software Center host machine.
What this means
What could happen
A local attacker with low privileges could exploit DLL hijacking to execute code with system-level permissions on the machine running Software Center, potentially compromising the engineering workstation and any ICS devices it manages.
Who's at risk
This affects any organization using Siemens Software Center versions prior to 3.0 for managing or deploying Siemens industrial control systems, PLCs, drives, and other automation equipment. Risk is highest for sites where workstations are shared or accessible to contractors or less-trusted staff.
How it could be exploited
An attacker with local access to a Software Center host could plant a malicious DLL in a directory that the application searches before the legitimate library. When Software Center loads the DLL, the attacker's code runs with elevated privileges. This could compromise the workstation used to configure or update control systems.
Prerequisites
- Local access to the Software Center host machine
- User account with standard or elevated privileges
- Ability to write files to directories in the application's DLL search path
Local access required but privilege escalation possibleLow attack complexityAffects engineering/configuration workstationsNo active exploitation reported
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
Software Center<V3.03.0
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict local access to the Software Center host to trusted personnel only; implement access controls and monitor who can log in
HARDENINGApply file permission restrictions to application directories to prevent unauthorized DLL placement
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate Siemens Software Center to version 3.0 or later
HARDENINGIsolate the Software Center engineering workstation from untrusted networks using network segmentation or VPN restrictions
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/00b599a2-11f2-420f-9500-558f96dcea0f