Siemens Desigo
Monitor | 7.5 | ICS-CERT ICSA-25-135-04 | May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Desigo CC Installed Client has an information disclosure vulnerability (CWE-306) that could allow an attacker to leak sensitive data from the Desigo CC server. The vulnerability does not affect the Windows App Client or Flex Client options. No vendor patch is available.
What this means
What could happen
An attacker with network access to the Desigo CC server could extract sensitive information (configuration, operational data, or credentials) that may compromise the security of building automation or related control systems.
Who's at risk
Building automation and HVAC operators using Siemens Desigo CC with the Installed Client should be aware that sensitive operational and configuration data could be exposed. Organizations running Desigo CC servers on facility networks are at risk if the event port is reachable from untrusted segments. The Windows App Client and Flex Client variants are not affected.
How it could be exploited
An attacker on the network reaches the Desigo CC server's event port (default 4998/tcp) and sends requests to trigger the information disclosure. If Installed Client is enabled on the server, the attacker can retrieve sensitive data without authentication.
Prerequisites
- Network access to Desigo CC server's event port (default 4998/tcp)
- Desigo CC Installed Client must be enabled on the server
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, information disclosure from control system server
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Desigo CC | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Desigo CC server's event port (default 4998/tcp) using firewall rules
HARDENING: Disable support for Installed Clients on the Desigo CC server if Windows App Client or Flex Client can be used instead
Mitigations - no patch available
Desigo CC has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Desigo CC servers behind firewall and ensure they are not directly accessible from the internet
HARDENING: Implement network segmentation to restrict access to building automation systems from business networks
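One way to verify the firewall workaround above is to audit an exported rule set for allow rules that still expose the event port to sources outside the approved client subnets. This is an added example, not part of the advisory or any Siemens tooling; the rule format, rule names and subnets are constructed assumptions. It ignores rule ordering and treats every matching allow rule as effective, which errs on the side of reporting.

```python
import ipaddress

EVENT_PORT = 4998  # Desigo CC event port default, as stated in the advisory

# Constructed sample rule export (hypothetical format, not a vendor format).
SAMPLE_RULES = [
    {"name": "bms-clients", "action": "allow", "proto": "tcp", "src": "10.20.30.0/24", "ports": "4998"},
    {"name": "legacy-any", "action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "ports": "4000-5000"},
    {"name": "office-lan", "action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "ports": "4998"},
    {"name": "web", "action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "ports": "443"},
    {"name": "deny-rest", "action": "deny", "proto": "any", "src": "0.0.0.0/0", "ports": "1-65535"},
]
# Assumed subnet of the operator stations that need the Installed Client.
TRUSTED_SUBNETS = ["10.20.30.0/24"]


def covers_port(ports, port):
    """True if a 'N' or 'LO-HI' port specification includes the given port."""
    lo, _, hi = ports.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exposing_rules(rules, trusted, port=EVENT_PORT):
    """Names of allow rules admitting TCP traffic to the port from outside the trusted subnets."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "any"):
            continue
        if not covers_port(rule["ports"], port):
            continue
        src = ipaddress.ip_network(rule["src"])
        # A rule is acceptable only if its whole source range sits inside a trusted subnet.
        inside = any(src.version == t.version and src.subnet_of(t) for t in trusted_nets)
        if not inside:
            findings.append(rule["name"])
    return findings


if __name__ == "__main__":
    for name in exposing_rules(SAMPLE_RULES, TRUSTED_SUBNETS):
        print(f"rule '{name}' exposes {EVENT_PORT}/tcp beyond the trusted subnets")
```

A rule such as the constructed `office-lan` entry is flagged even though it is an internal range, because it is wider than the approved client subnet.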
CVEs (1)