Incorrect Permission Assignment in SICAM PAS/PQS
Plan Patch7.8SSA-035466Oct 10, 2023
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
SICAM PAS/PQS versions 8.00 through 8.21 contain insecure permission assignments in application folders (CWE-732). An authenticated local user could read and modify critical configuration data or escalate privileges. The vulnerability exists because application folders do not restrict access appropriately, allowing lower-privileged accounts to access sensitive files and potentially gain system-level access.
What this means
What could happen
An authenticated local user on a SICAM PAS/PQS system could read and modify critical configuration data or escalate their privileges to gain higher access to the system.
Who's at risk
This affects any utility or industry using Siemens SICAM PAS/PQS for power automation and quality supervision. This includes electric utilities managing substations and distribution networks, as well as industrial facilities with power quality monitoring. Engineering workstations and control servers running vulnerable versions are at risk.
How it could be exploited
An attacker with a valid local user account on the SICAM PAS/PQS server gains access to the system, then exploits incorrect file permissions on application folders to read sensitive configuration files or overwrite files to escalate to higher privileges such as administrator or system-level access.
Prerequisites
- Valid local user credentials on the SICAM PAS/PQS server
- Local or physical access to the system, or access via RDP/remote shell
- SICAM PAS/PQS version 8.00 to 8.21 (unpatched)
Low complexity exploitationLocal access required but from any authenticated userCan lead to privilege escalationAffects configuration integrityRequires valid credentials so insider risk
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SICAM PAS/PQS≥ V8.00<V8.228.22
SICAM PAS/PQS≥ V8.00<V8.208.20
Remediation & Mitigation
0/5
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
SICAM PAS/PQS
HOTFIXInstall the Security Patch available from Siemens support (https://support.industry.siemens.com/cs/ww/en/view/109824392/) on SICAM PAS/PQS versions V8.00 to V8.21
HOTFIXUpdate SICAM PAS/PQS to version V8.22 or later
HOTFIXUpdate SICAM PAS/PQS to version V8.20 or later if already on V8.20 branch
HARDENINGAudit file and folder permissions on existing SICAM PAS/PQS installations to verify no unauthorized access
Long-term hardening
0/1SICAM PAS/PQS
HARDENINGRestrict local user access to SICAM PAS/PQS servers to only authorized engineering and operations staff who require it
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/3a90c362-f7f5-4ca0-9e13-0d98627eadac