Privilege Escalation Vulnerability in SIPORT Before V3.4.0
Plan Patch | 7.8 | SSA-064257 | Nov 12, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SIPORT before V3.4.0 contains a privilege escalation vulnerability (CWE-732) that allows a local attacker with an unprivileged account to override or modify the service executable and gain elevated privileges. The vulnerability is due to insecure file permissions on the SIPORT service executable. Siemens has released version 3.4.0 which corrects this issue.
What this means
What could happen
An attacker with a local unprivileged account on SIPORT could escalate to elevated privileges by modifying the service executable, potentially allowing them to alter industrial process logic or shut down operations.
Who's at risk
SIPORT operators and facility managers using versions before 3.4.0. This affects organizations relying on SIPORT for industrial process monitoring, automation, or control system integration (typically manufacturing, utilities, and process industries).
How it could be exploited
An attacker with local user access on the SIPORT host modifies the service executable file, which has insecure permissions. When the SIPORT service runs, it executes the attacker's modified code with elevated privileges, giving the attacker full control of the system and connected industrial devices.
Prerequisites
- Local user account on the SIPORT system (unprivileged)
- Write access to the SIPORT service executable directory (due to insecure file permissions)
- Ability to restart or trigger the SIPORT service
Privilege escalation to system level · Low complexity attack · Affects industrial process control systems · Requires local access (insider threat)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIPORT | < V3.4.0 | 3.4.0 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIPORT to version 3.4.0 or later
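A defender-side check for the condition described in the Summary (insecure file permissions on the service executable), added here as an example and not taken from the Siemens advisory or from SIPORT itself. It assumes a Windows host and that the relevant services match the pattern `SIPORT*`, which is a placeholder to replace with the actual service name; run it before and after the update to confirm that broad groups no longer hold write access.

```powershell
# Added example: report service executables (and their directories) that
# low-privileged groups can modify. Assumes a Windows host.
$NamePattern = 'SIPORT*'   # placeholder pattern (assumption), not from the advisory

# Well-known SIDs of broad, low-privileged principals.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow modifying, replacing or re-permissioning a file,
# plus the raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x50000000

function Get-ServiceExePath([string]$PathName) {
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-WeakAce([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        if ([int]$ace.FileSystemRights -band $mask) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $NamePattern -or $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        $exe = Get-ServiceExePath $_.PathName
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            Get-WeakAce $exe                             # the binary itself
            Get-WeakAce (Split-Path -Path $exe -Parent)  # writable directory allows replacement
        }
    }
$findings | Format-Table -AutoSize
```

An empty result means none of the listed groups holds write-class rights on the matched binaries or their directories; it does not cover rights granted to individual user accounts or custom groups.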
CVEs (1)
API:
/api/v1/advisories/ab6ac07b-5ec7-471c-a7f3-2f02925e6712