Siemens SICAM PAS/PQS
Plan Patch7.8ICS-CERT ICSA-23-285-06Oct 10, 2023
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
SICAM PAS/PQS versions 8.00 to 8.21 contain insecure permission assignments in application folders (CWE-732). These improper permissions allow an authenticated local attacker to read and modify configuration data or escalate privileges on the system. The vulnerability requires local access and authenticated user credentials.
What this means
What could happen
An attacker with local access and a user account on the SICAM PAS/PQS server could read or modify system configuration data, or escalate privileges to gain administrative control of the power systems monitoring and quality system.
Who's at risk
Power system operators and energy utilities using Siemens SICAM PAS (Power Analysis System) or SICAM PQS (Power Quality System) for monitoring and analysis of electrical distribution systems. Affects organizations running versions 8.00 through 8.21 on Windows servers that have local user accounts with non-administrative access.
How it could be exploited
An attacker would need local access to the SICAM PAS/PQS server and valid non-administrative credentials for a local user account. They would then exploit the improper folder permissions to access restricted configuration files or escalate their privileges to full system control.
Prerequisites
- Local access to the SICAM PAS/PQS server
- Valid local user account credentials (non-administrative)
- System running affected version 8.00 through 8.21
Requires authentication (non-admin local account)Local access required (not remotely exploitable)Low complexity attack (simple file permission exploitation)Default or weak local account credentials could lower barrier to entry
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SICAM PAS/PQS≥ V8.00<V8.228.22
SICAM PAS/PQS≥ V8.00<V8.208.20
Remediation & Mitigation
0/5
Do now
0/2SICAM PAS/PQS
HARDENINGRestrict local user accounts on the SICAM PAS/PQS server to only trusted personnel
All products
HARDENINGDisable or remove unnecessary local accounts on the server
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
SICAM PAS/PQS
HOTFIXUpdate SICAM PAS/PQS to version 8.22 or later
All products
HOTFIXApply the Siemens security patch for versions 8.00 to 8.21 to fix folder permissions
Long-term hardening
0/1SICAM PAS/PQS
HARDENINGEnsure SICAM PAS/PQS is not directly accessible from business networks or internet; isolate behind firewall
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/69674b50-6d8b-44be-af05-582a68d4ad0f