OTPulse
FeedAboutContact

Siemens Polarion ALM

Plan Patch7.8ICS-CERT ICSA-24-046-14Feb 13, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Polarion ALM versions prior to 2404.0 are affected by two vulnerabilities: (1) incorrect default file and folder permissions on the installation path, allowing privilege escalation for users with local access; and (2) improper authentication on the REST API endpoints of the DOORS connector, allowing unauthenticated remote access to integrated data. An attacker could exploit either vulnerability to gain unauthorized access to the ALM system or escalate privileges within the environment.

What this means
What could happen
An attacker with local access could escalate privileges or bypass authentication controls on Polarion ALM. If the DOORS connector is exposed, an unauthenticated attacker could access the REST API endpoint remotely and potentially read or modify synchronized data.
Who's at risk
This advisory affects organizations using Siemens Polarion ALM for application lifecycle management. Risk is elevated if the DOORS connector feature is enabled and exposed to network access, or if local access controls on the ALM server are weak. This primarily affects engineering teams, architects, and system integrators who rely on Polarion for requirements and document management in critical infrastructure projects.
How it could be exploited
An attacker with local file system access could exploit incorrect default permissions on the Polarion ALM installation directory to gain elevated privileges. Alternatively, an attacker on the network could access the unauthenticated DOORS connector REST API endpoint if the connector is enabled and not restricted, allowing unauthorized interaction with system integration data.
Prerequisites
  • Local file system access to the Polarion ALM installation directory (for privilege escalation path)
  • Network access to the Polarion ALM server on the HTTP/HTTPS port where DOORS connector REST API is exposed (for remote unauthenticated API access)
  • DOORS connector feature enabled in the Polarion ALM instance (for API exploitation)
Remotely exploitable (DOORS connector REST API)No authentication required on DOORS connector endpointLow complexity exploitationDefault/weak configuration in installationAffects system integration and data access controls
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Polarion ALM<V2404.02404.0
Remediation & Mitigation
0/5
Do now
0/3
HARDENINGRestrict file and folder path permissions on the Polarion ALM installation directory post-installation
WORKAROUNDIf DOORS connector is not in use, add Apache configuration rule to deny all unauthenticated access to /polarion/doorsconnector/rest endpoint
WORKAROUNDIf DOORS connector is in use, restrict network access to the /polarion/doorsconnector/rest endpoint to the specific IP address of the DOORS instance only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Polarion ALM to version 2404.0 or later
Long-term hardening
0/1
HARDENINGProtect network access to the Polarion ALM server with a firewall or network access control
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/3cb51dd0-bf44-447f-88d8-3e0bc090968f
Siemens Polarion ALM | CVSS 7.8 - OTPulse