Siemens SIPORT

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-319-02 | Nov 12, 2024
Siemens
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SIPORT versions before 3.4.0 contain a privilege escalation vulnerability in file permission handling. A local attacker with an unprivileged account can override or modify the service executable file due to improper access control on files in the installation directory, then gain elevated privileges when the service runs. The vulnerability requires local access to the system; remote exploitation is not possible.

What this means
What could happen
An attacker with a local unprivileged account on a SIPORT system could modify service executable files to gain administrative control of the device, potentially allowing them to alter critical process parameters or disrupt operations.
Who's at risk
Water utilities and municipal electric utilities using Siemens SIPORT software for network protocol mediation, gateway, and filtering functions should be aware that unprivileged local users could exploit this to escalate privileges and take control of the device. This affects organizations where SIPORT is deployed as a boundary device between operational networks and external connections.
How it could be exploited
An attacker with local access to the SIPORT system exploits incorrect file permissions on the installation directory. They replace the service executable with malicious code, which runs with elevated privileges when the service restarts, giving the attacker full control of the system.
Prerequisites
  • Local unprivileged account on the SIPORT system
  • Write access to SIPORT installation directory files and folders
Privilege escalation vulnerability | Local exploitation required | Affects access control to critical system files | Low exploitation complexity
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
SIPORT | < V3.4.0 | 3.4.0
Remediation & Mitigation
Do now
WORKAROUND: Remove write permissions for non-administrative users on files and folders in the SIPORT installation directory
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIPORT to version 3.4.0 or later
Long-term hardening
HARDENING: Restrict physical and local network access to SIPORT systems, ensuring only authorized personnel can access the device locally