OTPulse

Siemens PSS SINCAL

Action: Plan Patch · CVSS 8.8 · Source: ICS-CERT ICSA-24-284-09 · Published: Oct 8, 2024
Attack Vector: Local
Privileges Required: Low
Attack Complexity: Low
User Interaction: None
Summary

Several Siemens products, PSS SINCAL among them, optionally use WibuKey dongles for licensing. The Windows device driver shipped with the WibuKey Runtime for these dongles contains memory-corruption vulnerabilities (CWE-119, buffer overflow) that a local user could exploit to execute code with elevated privileges; because the driver runs in kernel mode, a successful exploit means control of the whole workstation, not just of PSS SINCAL. The vulnerabilities are not remotely exploitable. Wibu-Systems has released a fixed WibuKey Runtime for Windows (v6.70 or later). Siemens recommends updating the WibuKey driver on every affected Windows client where WibuKey dongles are in use; there is no separate fix for PSS SINCAL itself, since the affected component is the vendor runtime.

What this means
What could happen
A user with local access to a Windows workstation running PSS SINCAL with a WibuKey dongle could exploit a driver vulnerability to gain elevated privileges and potentially modify engineering configurations or disable licensing controls.
Who's at risk
Utilities and industrial facilities using Siemens PSS SINCAL for power system planning and analysis on Windows workstations with WibuKey hardware dongles for software licensing. Risk is highest where engineering workstations are shared or have weak physical security.
How it could be exploited
An attacker with local access to a Windows engineering workstation containing the WibuKey dongle driver could exploit a memory corruption flaw in the WibuKey Runtime driver to execute code with elevated privileges. From there, the attacker could modify PSS SINCAL project files or bypass licensing restrictions.
Prerequisites
  • Local access to Windows workstation running PSS SINCAL with WibuKey dongle
  • WibuKey Runtime driver installed on Windows system
  • User privileges to interact with the dongle driver
Key points
  • Low complexity exploit
  • Local access required only
  • Affects engineering workstations
  • No patch available for PSS SINCAL itself (the fix is the updated WibuKey Runtime)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product          Affected Versions   Fix Status
PSS(R) SINCAL    All versions        No fix yet (mitigation: update WibuKey Runtime for Windows to v6.70 or later)
Remediation & Mitigation
Schedule — requires maintenance window

Patching replaces a kernel driver and may require a workstation reboot — plan for process interruption

HOTFIX: Update WibuKey Runtime for Windows to version 6.70 or later on all engineering workstations using WibuKey dongles
Long-term hardening
HARDENING: Restrict physical and network access to engineering workstations to authorized personnel only
HARDENING: Implement local administrative controls to limit which users can interact with hardware licensing dongles
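The hotfix above reduces to one question an administrator has to answer per workstation: is a WibuKey Runtime older than 6.70 installed, and is its driver actually loaded. The PowerShell inventory function below is an added example written for this page; it is not part of the OTPulse advisory nor of any Siemens or Wibu-Systems tooling. The registry DisplayName pattern "*WibuKey*", the driver-name pattern "*wibu*", the two-digit minor-version convention ("6.70" rather than "6.7") and the workstation names in the usage line are assumptions, not facts taken from the advisory; adjust them to what your installs report.

```powershell
# Added example (not from the OTPulse advisory or any Siemens/Wibu-Systems tooling).
# Inventories WibuKey Runtime installs on a Windows workstation and flags versions
# below the fixed release (6.70). Assumptions, adjust to your environment:
#   - the runtime shows up in the standard Uninstall registry keys with a DisplayName
#     containing "WibuKey" (assumed pattern);
#   - the kernel driver's service name or image path contains "wibu" (assumed pattern);
#   - the vendor reports the minor version with two digits ("6.70", not "6.7"), so a
#     [version] comparison is meaningful. A "6.7" string would be flagged as
#     vulnerable, which errs on the side of caution.

function Get-WibuKeyRuntimeStatus {
    [CmdletBinding()]
    param(
        [version]$MinimumVersion = [version]'6.70',
        [string[]]$UninstallKeys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
    )

    # View 1: installer records. Gives the version the vendor package claims.
    $products = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*WibuKey*' })

    # View 2: the driver itself. A dongle driver can be present (and reachable by any
    # local user) even when the installer record is gone, so check both views.
    $drivers = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like '*wibu*' -or $_.PathName -like '*wibu*' })
    $driverRunning = @($drivers | Where-Object { $_.State -eq 'Running' }).Count -gt 0

    foreach ($p in $products) {
        # Normalise strings such as "6.70.4019.500" or "v6.60" into a comparable [version].
        $parsed = $null
        $ok = [version]::TryParse(($p.DisplayVersion -replace '[^\d.]', ''), [ref]$parsed)

        if (-not $ok) {
            $status = 'UNKNOWN - version string not parseable, review manually'
        } elseif ($parsed -lt $MinimumVersion) {
            $status = "VULNERABLE - update WibuKey Runtime to $MinimumVersion or later"
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            Product       = $p.DisplayName
            Version       = $p.DisplayVersion
            DriverRunning = $driverRunning
            Status        = $status
        }
    }

    if ($products.Count -eq 0 -and $drivers.Count -gt 0) {
        # Driver present but no installer record: the version cannot be established from
        # the registry, so report it for review instead of silently passing the host.
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            Product       = ($drivers | Select-Object -ExpandProperty Name) -join ','
            Version       = 'unknown'
            DriverRunning = $driverRunning
            Status        = 'REVIEW - WibuKey driver present without installer record'
        }
    }
}

# Run locally, or fan out to the engineering workstations (host names are placeholders):
Get-WibuKeyRuntimeStatus | Format-Table -AutoSize
# Invoke-Command -ComputerName eng-ws-01, eng-ws-02 -ScriptBlock ${function:Get-WibuKeyRuntimeStatus} |
#     Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

Reading the Uninstall keys and Win32_SystemDriver needs no administrative rights, so the check can run from a low-privileged inventory account. Two views are deliberately combined: the installer record answers "which version was installed", while the driver listing answers "is the vulnerable kernel component still loaded", and a host that answers the second without the first is exactly the kind of half-removed install that a version-only query would miss.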