OTPulse

Siemens SIMATIC PCS neo Administration Console

Monitor | CVSS 5.5 | ICS-CERT ICSA-23-262-01 | Sep 14, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SIMATIC PCS neo Administration Console V4.0 and V4.0 Update 1 leak Windows admin credentials in a way that lets anyone with local access to the Administration Console retrieve them. An attacker with local access can extract these credentials and use them to impersonate the administrator and gain access to other Windows systems. Siemens has released Security Patch 01 to address this issue.

What this means
What could happen
An attacker with access to the Administration Console computer could extract Windows admin credentials, allowing them to impersonate the administrator and gain full access to other Windows systems on the network.
Who's at risk
Organizations running Siemens SIMATIC PCS neo (Administration Console) in versions V4.0 or V4.0 Update 1. This affects control system operators and facilities that use Siemens process control automation, including refineries, chemical plants, and power generation facilities that depend on centralized process engineering consoles.
How it could be exploited
An attacker with local access to the Administration Console machine can retrieve the stored Windows admin credentials used for remote deployment of AC Agents, then use those credentials to log in to other systems on the network as an administrator.
Prerequisites
  • Local access to the Administration Console Windows system
  • SIMATIC PCS neo Administration Console V4.0 or V4.0 Update 1 running
  • Windows admin account credentials must be configured for AC Agent remote deployment
Credentials stored insecurely · Local access exploitation · Can lead to lateral movement to other systems · Affects administrative access · Low exploit complexity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC PCS neo (Administration Console) V4.0 | All versions | See Security Patch 01
SIMATIC PCS neo (Administration Console) V4.0 Update 1 | All versions | See Security Patch 01
Remediation & Mitigation
Do now
WORKAROUND: Change Windows account passwords used for remote AC Agent deployment and disable or avoid remote agent deployment
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC PCS neo (Administration Console) V4.0
HOTFIX: Install Siemens Security Patch 01 for SIMATIC PCS neo Administration Console
Long-term hardening
SIMATIC PCS neo (Administration Console) V4.0
HARDENING: Restrict local access to Administration Console machines using physical security and host-based access controls
HARDENING: Protect network access to Administration Console with firewall rules and network segmentation
Siemens SIMATIC PCS neo Administration Console | CVSS 5.5 - OTPulse