OTPulse

Siemens OPC UA Modeling Editor (SiOME)

Plan Patch · 7.5 · ICS-CERT ICSA-23-320-07 · Nov 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens OPC UA Modeling Editor (SiOME) versions before 2.8 contain an XML external entity (XXE) injection vulnerability that allows an attacker to read arbitrary files on the affected workstation. The vulnerability occurs because the application processes XML data without properly validating or disabling external entity references. An attacker who can provide a malicious XML file to SiOME can exploit this to read sensitive files accessible to the workstation user, including configuration files, project data, or other sensitive information stored on that machine.

What this means
What could happen
An attacker could read arbitrary files from the Siemens OPC UA Modeling Editor workstation, potentially exposing configuration data, credentials, or engineering information used to manage automation systems.
Who's at risk
This vulnerability affects engineering and planning teams who use Siemens OPC UA Modeling Editor to design automation configurations. The primary risk is to workstations used for PLC and automation system engineering and design.
How it could be exploited
An attacker sends a malicious XML file to SiOME (via email, shared folder, or direct upload if exposed on the network). The application processes the XML without properly validating external entity references, allowing the attacker to read files accessible to the workstation's user account.
Prerequisites
  • Network access to the workstation running SiOME
  • Ability to send or place a malicious XML file where SiOME will process it
  • SiOME version before 2.8
remotely exploitable · low complexity · no authentication required · affects engineering workstations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
OPC UA Modelling Editor (SiOME) | <V2.8 | 2.8
Remediation & Mitigation
Do now
HARDENING: Restrict network access to SiOME workstations using firewall rules; do not expose to the internet or untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Siemens OPC UA Modeling Editor to version 2.8 or later
Long-term hardening
HARDENING: Isolate the engineering workstation running SiOME from the business network and ensure it is not directly reachable from the internet
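
The exploitation path described above depends on an XML file that declares external entities reaching the parser. As an added example (not Siemens or OTPulse code), this Python check inspects an XML file received by email or shared folder before it is opened in SiOME and reports any DTD or entity declarations without resolving them. The sample documents, the placeholder path, and the assumption that exchanged model files need no DTD are constructed for illustration.

```python
import sys
import xml.parsers.expat as expat

def inspect_xml(data: bytes) -> dict:
    """Report DTD and entity declarations without resolving any of them."""
    found = {"doctype": False, "external": [], "internal": [], "error": None}
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is set and parameter-entity parsing is off,
    # so expat never opens a file or URL named by the document.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found["doctype"] = True
        if system_id or public_id:
            found["external"].append(("(external DTD subset)", system_id or public_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:   # external entity: identified by SYSTEM/PUBLIC id
            found["external"].append((name, system_id or public_id))
        else:               # internal entity: replacement text is inline
            found["internal"].append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        found["error"] = str(exc)  # malformed input also deserves a second look
    return found

def needs_quarantine(found: dict) -> bool:
    # Assumption: model files exchanged between engineers need no DTD at all.
    return bool(found["doctype"] or found["external"] or found["error"])

# Constructed samples: a plain document and one declaring an external entity.
CLEAN = b"<Model><Name>Pump</Name></Model>"
SUSPECT = (b'<!DOCTYPE Model [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
           b"<Model><Name>&ext;</Name></Model>")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = inspect_xml(fh.read())
        print(path, "QUARANTINE" if needs_quarantine(result) else "ok", result)
```

Run it with one or more file paths as arguments; any file flagged QUARANTINE should be reviewed in a text editor rather than opened in a SiOME version before 2.8.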