Siemens SIMOTION Tools

Plan Patch8.1ICS-CERT ICSA-25-254-01Sep 9, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Local privilege escalation vulnerability in SIMATIC Technology Package TPCamGen and SIMOTION tools (OA MIIF, OACAMGEN, OALECO, OAVIBX). An attacker with local access to an engineering workstation can execute arbitrary code with SYSTEM privileges during the installation of affected tools. Exploitation requires a legitimate user to initiate the installation. No fixes are currently available; Siemens is preparing remediation versions. The vulnerability is specific to the setup and installation phase and does not affect operational systems after successful installation.

What this means

What could happen

An attacker with local access to an engineering workstation could gain system-level control of that machine during installation of affected SIMOTION tools, potentially allowing them to modify configurations, steal credentials, or deploy malware that affects connected industrial systems.

Who's at risk

This affects organizations that use SIMOTION motion control systems with any of the listed tools (TPCamGen, OA MIIF, OACAMGEN, OALECO, OAVIBX). Your risk is highest if engineering staff regularly install or update these tools on workstations that have access to your production motion control network. This is of particular concern for facilities that perform configuration or commissioning work on SIMOTION systems.

How it could be exploited

An attacker with local access to an engineering workstation could trick or wait for a legitimate user to install one of the affected SIMOTION tools. During the setup process, the vulnerability allows the attacker to escalate privileges to SYSTEM level and execute arbitrary code before the installation completes.

Prerequisites

Local access to an engineering workstation
A legitimate user must initiate installation of an affected SIMOTION tool
No credentials needed for exploitation

Local access required (limits remote exploitation)No authentication requiredLow complexity exploitationNo patch currently availableOccurs during installation phase onlyCould affect safety system engineering workstations

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (5)

5 EOL

ProductAffected VersionsFix Status

SIMATIC Technology Package TPCamGenAll versionsNo fix (EOL)

SIMOTION OA MIIFAll versionsNo fix (EOL)

SIMOTION OACAMGENAll versionsNo fix (EOL)

SIMOTION OALECOAll versionsNo fix (EOL)

SIMOTION OAVIBXAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDPerform installation of SIMOTION tools only on isolated workstations or in controlled environments until vendor fixes are available

HARDENINGRestrict physical and logical access to engineering workstations where SIMOTION tools are installed or will be installed

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate engineering workstations from critical production networks

HARDENINGMonitor installation logs on engineering workstations for unauthorized activity during software setup

HOTFIXApply vendor-supplied fixes as soon as they become available

CVEs (1)

CVE-2025-43715

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8cf3f11b-d07c-4045-b877-49190142e2a1