OTPulse

Siemens WIBU CodeMeter Runtime

Plan Patch · CVSS 8.2 · ICS-CERT ICSA-25-226-05 · Aug 12, 2025
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

WIBU Systems CodeMeter Runtime contains a privilege escalation vulnerability. The vulnerability exists in SIMATIC PDM Maintenance Station V5.0, SIMATIC WinCC OA V3.18, V3.19, and V3.20. An attacker with high privileges on a local system could escalate privileges under certain circumstances, affecting the confidentiality, integrity, and availability of the affected products.

What this means
What could happen
A user with elevated privileges on a system running WinCC OA or PDM Maintenance Station could escalate to further privilege levels, potentially gaining control of the engineering workstation or associated processes. This could allow modification of control system configurations or operator interface settings.
Who's at risk
This affects manufacturing facilities using Siemens engineering and maintenance tools, specifically operators and engineers running SIMATIC WinCC OA (supervisory control software) or SIMATIC PDM Maintenance Station on Windows workstations. This includes personnel with administrative or engineering-level access to these systems.
How it could be exploited
An attacker with high-privilege account access (administrative or engineering credentials) on a local Windows workstation running WinCC OA or PDM Maintenance Station could exploit the vulnerability to escalate their privilege level further. The vulnerability is local-only and requires existing elevated access; it cannot be exploited remotely over the network.
Prerequisites
  • Local access to the workstation running WinCC OA or PDM Maintenance Station
  • Valid high-privilege user account (administrative or engineering credentials)
  • Vulnerable version of CodeMeter Runtime bundled with the Siemens product
Tags: local privilege escalation · requires high-privilege account access · affects engineering workstations used for process control configuration · low complexity attack (leverages existing CodeMeter vulnerability) · PDM Maintenance Station has no vendor fix planned
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
3 with fix, 1 EOL
Product | Affected Versions | Fix Status
SIMATIC WinCC OA V3.18 | < V3.18 P032 | Fixed in 3.18 P032
SIMATIC WinCC OA V3.19 | < V3.19 P020 | Fixed in 3.19 P020
SIMATIC WinCC OA V3.20 | < V3.20 P008 | Fixed in 3.20 P008
SIMATIC PDM Maintenance Station V5.0 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local interactive access to engineering workstations to trusted personnel only, using OS-level access controls
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC WinCC OA V3.18
HOTFIX: Update SIMATIC WinCC OA V3.18 to patch level P032 or later
SIMATIC WinCC OA V3.19
HOTFIX: Update SIMATIC WinCC OA V3.19 to patch level P020 or later
SIMATIC WinCC OA V3.20
HOTFIX: Update SIMATIC WinCC OA V3.20 to patch level P008 or later
Mitigations - no patch available
SIMATIC PDM Maintenance Station V5.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate PDM Maintenance Station and WinCC OA workstations from business networks using firewalls and network segmentation
HARDENING: Implement physical security and badge access controls to limit unauthorized local access to engineering workstations
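To turn the affected-products table and the remediation lists above into something an asset owner can run against an inventory, here is an added example (not OTPulse, Siemens or WIBU code). It encodes the fix thresholds from this advisory, parses product strings of the assumed form "SIMATIC WinCC OA V3.18 P031" (a version with no "P" suffix is treated as patch level 0), and classifies each installed product as fixed, affected, EOL, or not covered by this advisory, with the matching action from the remediation section. The inventory lines at the bottom are constructed sample data.

```python
import re

# Fix thresholds taken from the advisory table above.
# A value of None means the product is End of Life with no vendor fix.
FIX_LEVELS = {
    "SIMATIC WinCC OA V3.18": 32,   # fixed in P032
    "SIMATIC WinCC OA V3.19": 20,   # fixed in P020
    "SIMATIC WinCC OA V3.20": 8,    # fixed in P008
    "SIMATIC PDM Maintenance Station V5.0": None,  # EOL, compensating controls only
}

# Assumed inventory string format: "<product name> V<major>.<minor>[ P<patch>]".
_VERSION_RE = re.compile(r"^(?P<base>.+? V\d+\.\d+)(?: P(?P<patch>\d+))?$")


def parse_product(text):
    """Split an inventory string into (product+version key, patch level).

    Returns None when the string does not match the assumed format.
    A missing patch suffix is treated as patch level 0 (unpatched baseline).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    patch = int(m.group("patch")) if m.group("patch") else 0
    return m.group("base"), patch


def assess(text):
    """Classify one installed product against this advisory.

    status is one of: "not_listed", "fixed", "affected", "eol".
    action carries the remediation text a practitioner should schedule.
    """
    parsed = parse_product(text)
    if parsed is None:
        return {"product": text, "status": "not_listed",
                "action": "unrecognised version string; verify manually"}
    base, patch = parsed
    if base not in FIX_LEVELS:
        return {"product": text, "status": "not_listed",
                "action": "not covered by this advisory"}
    fix = FIX_LEVELS[base]
    if fix is None:
        return {"product": text, "status": "eol",
                "action": "no vendor fix; isolate from business networks and "
                          "restrict physical/local access"}
    if patch >= fix:
        return {"product": text, "status": "fixed", "action": "none required"}
    return {"product": text, "status": "affected",
            "action": f"update to patch level P{fix:03d} or later "
                      "(requires maintenance window, possible reboot)"}


def assess_inventory(lines):
    """Assess a list of inventory strings and return the per-product results."""
    return [assess(line) for line in lines if line.strip()]


if __name__ == "__main__":
    # Constructed sample inventory; not real asset data.
    sample_inventory = [
        "SIMATIC WinCC OA V3.18 P031",
        "SIMATIC WinCC OA V3.19 P020",
        "SIMATIC WinCC OA V3.20",
        "SIMATIC PDM Maintenance Station V5.0",
        "SIMATIC WinCC OA V3.17 P005",
    ]
    for result in assess_inventory(sample_inventory):
        print(f"{result['product']:<40} {result['status']:<11} {result['action']}")
```

The comparison is deliberately per product line: a V3.19 install at P020 is fixed while a V3.18 install at P020 is not, because each branch has its own threshold. Treating a bare "V3.20" as patch level 0 errs on the side of flagging it, which is the safer default for an inventory check.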
API: /api/v1/advisories/5ea679bd-b29c-4b45-8104-5935537e67d6
Siemens WIBU CodeMeter Runtime | CVSS 8.2 - OTPulse