Siemens PSS SINCAL

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-284-09 | Oct 8, 2024
Siemens
Attack path
Attack Vector: Local
Auth Required: Low (a standard user account on the workstation)
Complexity: Low
User Interaction: None needed
Summary

Siemens PSS SINCAL optionally uses WibuKey dongles for licensing. The WibuKey Windows device driver contains a buffer overflow vulnerability (CWE-119) that allows a local attacker with standard user privileges to execute arbitrary code with elevated privileges on the workstation. WIBU Systems has released corrected driver versions. Siemens recommends updating WibuKey Runtime for Windows to V6.70 or later on affected installations. This vulnerability is not remotely exploitable.

What this means
What could happen
A local attacker with standard user privileges on a Windows engineering workstation could escalate privileges and gain full control of the system, potentially affecting engineering access to critical power system simulations and study tools.
Who's at risk
Power system planning and simulation engineers using PSS SINCAL with WibuKey licensing on Windows workstations should prioritize this update. Organizations that use PSS SINCAL for grid studies, stability analysis, and operational planning need to patch engineering workstations that have WibuKey dongles installed.
How it could be exploited
An attacker with local access to a Windows engineering workstation running PSS SINCAL with WibuKey dongle licensing can exploit a buffer overflow in the WibuKey Windows device driver to execute arbitrary code with elevated privileges, bypassing normal access controls.
Prerequisites
  • Local access to Windows engineering workstation
  • Standard user-level account on the system
  • WibuKey Runtime driver loaded on the workstation (the dongle itself need not be present, since the flaw is in the driver)
  • WibuKey Windows driver version earlier than V6.70
Tags: low complexity; local attack only; requires user-level access; affects engineering workstations in OT environment; buffer overflow vulnerability; default or weak workstation security practices may enable exploit
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product         | Affected Versions | Fix Status
PSS(R) SINCAL   | All versions      | No fix yet for PSS SINCAL itself; mitigate by updating WibuKey Runtime for Windows to V6.70 or later
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WibuKey Runtime for Windows to version V6.70 or later on all engineering workstations using PSS SINCAL with WibuKey dongles
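Before scheduling the maintenance window, it helps to know which workstations actually carry a WibuKey driver below V6.70. The following PowerShell script is an added example, not code from OTPulse, Siemens or WIBU Systems. It assumes that the WibuKey kernel driver registers as a Windows system driver whose service name or image path contains "wibu", and that the runtime package appears under the standard Uninstall registry keys with a DisplayName containing "WibuKey"; both assumptions should be checked against one known workstation before the script is rolled out.

```powershell
# Added example (not from the OTPulse page, Siemens or WIBU Systems): inventory
# the WibuKey driver and runtime on one Windows workstation and flag versions
# below the V6.70 fix level named in the advisory.
#
# Assumptions not stated on the page: the driver is registered as a system
# driver whose name or image path contains "wibu", and the runtime has an
# Uninstall registry entry whose DisplayName contains "WibuKey".

$FixedVersion = [version]'6.70'   # advisory fix level; minor component is 70, not 7

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # FileVersion/DisplayVersion strings vary ("6.70.3510.500", "6.60", ...);
    # keep the leading dotted numeric part and fail soft instead of throwing.
    # Caveat: a build reporting "6.7.x" would parse as 6.7 and compare as older
    # than 6.70; confirm how the installed build reports itself.
    if ($Text -match '(\d+(\.\d+)+)') {
        $v = $null
        if ([version]::TryParse($Matches[1], [ref]$v)) { return $v }
    }
    return $null
}

function Resolve-DriverImagePath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName may be a plain path or an NT-style path such
    # as \SystemRoot\System32\drivers\x.sys or \??\C:\...; normalise both.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-WibuKeyStatus {
    $results = @()

    # 1. The vulnerable component is the kernel driver: read the .sys file version.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like '*wibu*' -or $_.PathName -like '*wibu*' } |
        ForEach-Object {
            $path = Resolve-DriverImagePath $_.PathName
            $ver  = $null
            if (Test-Path -LiteralPath $path) {
                $ver = ConvertTo-VersionOrNull (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            }
            $results += [pscustomobject]@{
                Component  = "Driver: $($_.Name)"
                Version    = $ver
                State      = $_.State
                Path       = $path
                Vulnerable = ($null -eq $ver) -or ($ver -lt $FixedVersion)  # unknown counts as vulnerable
            }
        }

    # 2. The installed runtime package that ships the driver.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*WibuKey*' } |
        ForEach-Object {
            $ver = ConvertTo-VersionOrNull $_.DisplayVersion
            $results += [pscustomobject]@{
                Component  = "Runtime: $($_.DisplayName)"
                Version    = $ver
                State      = 'Installed'
                Path       = $_.InstallLocation
                Vulnerable = ($null -eq $ver) -or ($ver -lt $FixedVersion)
            }
        }

    return $results
}

$status = Get-WibuKeyStatus
if (-not $status) {
    Write-Output 'No WibuKey driver or runtime found on this host.'
    exit 0
}
$status | Format-Table Component, Version, State, Vulnerable, Path -AutoSize
if ($status.Vulnerable -contains $true) {
    Write-Warning 'WibuKey component below V6.70 present: schedule the runtime update (a reboot is likely).'
    exit 1
}
exit 0
```

Run it with an account that can read the driver files and HKLM; the non-zero exit code makes it usable as a compliance check, and wrapping `Get-WibuKeyStatus` in `Invoke-Command -ComputerName` against the list of engineering workstations gives a fleet-wide view of which hosts still need the window. A host that reports a driver but no parsable version is deliberately flagged as vulnerable rather than silently passed.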
Long-term hardening
HARDENING: Restrict physical and network access to engineering workstations running PSS SINCAL to authorized personnel only
HARDENING: Implement local administrator account restrictions and the principle of least privilege on engineering workstations to limit what a standard user can execute