Siemens SIMOTION Tools

Plan PatchCVSS 8.1ICS-CERT ICSA-25-254-01Sep 9, 2025

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Multiple SIMOTION tools are affected by a local privilege escalation vulnerability in their setup installers. The vulnerability allows an attacker with local access to execute arbitrary code with SYSTEM privileges during the installation of an affected tool, potentially compromising the workstation and any connected control system configurations. Affected products are SIMATIC Technology Package TPCamGen, SIMOTION OA MIIF, SIMOTION OACAMGEN, SIMOTION OALECO, and SIMOTION OAVIBX. The vulnerability exists only during the setup and installation phase. Siemens states that fix versions are in preparation but has not yet released patches.

What this means

What could happen

A user who installs one of these affected SIMOTION tools could unknowingly grant an attacker SYSTEM-level privileges on the engineering workstation, potentially compromising the integrity of control system configurations and enabling further attacks on connected OT networks.

Who's at risk

SIMOTION engineering teams and workstation administrators should care about this vulnerability. It affects Siemens SIMOTION setup tools (TPCamGen, OACAMGEN, OALECO, OAVIBX, and MIIF) that are used to configure and generate code for SIMOTION motion control systems. The risk is highest during tool installation and configuration phases on engineering workstations.

How it could be exploited

An attacker with local access to an engineering workstation could craft a malicious application or exploit the setup installer for these tools. When a legitimate user installs the application, the vulnerability allows the attacker's code to execute with SYSTEM privileges, bypassing normal user restrictions.

Prerequisites

Local access to the engineering workstation where one of the affected SIMOTION tools is being installed
User must initiate installation of an affected tool or a third-party application using the vulnerable setup component

Local exploitation required (not remote)Low complexity attack if attacker already has local accessNo vendor patches currently available for any affected productAffects engineering workstations that control OT systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

SIMATIC Technology Package TPCamGenAll versionsNo fix (EOL)

SIMOTION OA MIIFAll versionsNo fix (EOL)

SIMOTION OACAMGENAll versionsNo fix (EOL)

SIMOTION OALECOAll versionsNo fix (EOL)

SIMOTION OAVIBXAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and logical access to engineering workstations running SIMOTION tools to authorized personnel only

HARDENINGEducate users not to install applications from untrusted sources on SIMOTION engineering workstations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor for vendor security patches for SIMOTION tools and apply them promptly when available

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: SIMATIC Technology Package TPCamGen, SIMOTION OA MIIF, SIMOTION OACAMGEN, SIMOTION OALECO, SIMOTION OAVIBX. Apply the following compensating controls:

HARDENINGFollow Siemens operational guidelines for Industrial Security (available at https://www.siemens.com/cert/operational-guidelines-industrial-security) to harden the engineering environment

CVEs (1)

CVE-2025-43715

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8cf3f11b-d07c-4045-b877-49190142e2a1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.