Siemens OPC UA Modeling Editor (SiOME)

Plan PatchCVSS 7.5ICS-CERT ICSA-23-320-07Nov 14, 2023

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens OPC UA Modeling Editor (SiOME) versions before 2.8 contain an XML external entity (XXE) injection vulnerability that allows an attacker to read arbitrary files on the affected workstation. The vulnerability occurs because the application processes XML data without properly validating or disabling external entity references. An attacker who can provide a malicious XML file to SiOME can exploit this to read sensitive files accessible to the workstation user, including configuration files, project data, or other sensitive information stored on that machine.

What this means

What could happen

An attacker could read arbitrary files from the Siemens OPC UA Modeling Editor workstation, potentially exposing configuration data, credentials, or engineering information used to manage automation systems.

Who's at risk

This vulnerability affects engineering and planning teams who use Siemens OPC UA Modeling Editor to design automation configurations. The primary risk is to workstations used for PLC and automation system engineering and design.

How it could be exploited

An attacker sends a malicious XML file to SiOME (via email, shared folder, or direct upload if exposed on the network). The application processes the XML without properly validating external entity references, allowing the attacker to read files accessible to the workstation's user account.

Prerequisites

Network access to the workstation running SiOME
Ability to send or place a malicious XML file where SiOME will process it
SiOME version before 2.8

remotely exploitablelow complexityno authentication requiredaffects engineering workstations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

OPC UA Modelling Editor (SiOME)<V2.82.8

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to SiOME workstations using firewall rules; do not expose to the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siemens OPC UA Modeling Editor to version 2.8 or later

Long-term hardening

0/1

HARDENINGIsolate the engineering workstation running SiOME from the business network and ensure it is not directly reachable from the internet

CVEs (1)

CVE-2023-46590

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f6ff5992-a986-4325-ab62-cbc4e8e21e28

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.