OTPulse

Unquoted Search Path Vulnerability in SICAM PQ Analyzer

Low Risk · CVSS 3.4 · SSA-173318 · Jan 11, 2022
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed

Summary

SICAM PQ Analyzer versions prior to 3.18 contain an unquoted search path vulnerability in a Windows registry entry. An attacker with local administrative access could place a malicious executable in the application's search path, which would be executed when the service starts or restarts. The vulnerability is triggered through the application's initialization process, not through normal operation.

What this means
What could happen
An attacker with administrative access to the server running SICAM PQ Analyzer could place a malicious executable in the application's search path, which would then be executed with the application's privileges when the service starts, potentially allowing code execution on the system.
Who's at risk
Operators and administrators managing SIEMENS SICAM PQ Analyzer installations, which are used for power quality analysis and monitoring in substations and control centers. This affects the IT infrastructure hosting the analysis software rather than front-line control devices, but could compromise the integrity of power quality data or enable lateral movement into the OT network.
How it could be exploited
An attacker with local administrative access modifies the Windows registry unquoted search path for SICAM PQ Analyzer to point to a directory they control, then places a malicious executable in that directory. When the application starts or the service is restarted, it executes the attacker's code with the privileges of the PQ Analyzer process.
Prerequisites
  • Local administrative access to the server running SICAM PQ Analyzer
  • Ability to write to directories in the application search path
  • Ability to restart the application service or wait for service restart
Local access only · High privileges required (administrative) · Low CVSS score · Path traversal/privilege escalation vector
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product              Affected Versions    Fix Status
SICAM PQ Analyzer    < V3.18              3.18
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update SICAM PQ Analyzer to version 3.18 or later
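
To confirm the condition described in the summary is absent after the update, the following added example (not part of the advisory or of any Siemens tooling) flags registry command-line values whose executable path is unquoted and contains a space, and returns the quoted form. The key names and paths in SAMPLE are constructed, and the list of executable extensions is an assumption.

```python
import re

# End of the executable path inside a command line; arguments may follow.
# The extension list is an assumption of this example.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def audit_command_line(value):
    """Return (flagged, quoted_fix) for one registry command-line value.

    flagged is True when the executable path is unquoted and contains a
    space. quoted_fix is None when the end of the path cannot be found
    and the entry needs manual review. Environment variables are not expanded.
    """
    value = value.strip()
    if value.startswith('"'):
        return False, value  # path is already quoted
    match = _EXE_END.search(value)
    if match is None:
        # No recognisable extension: treat the whole value as the path.
        return " " in value, None
    exe, args = value[:match.end()], value[match.end():]
    if " " not in exe:
        return False, value  # spaces occur only in the arguments
    return True, f'"{exe}"{args}'


def audit(entries):
    """Map key name -> quoted fix (None = manual review) for flagged entries."""
    results = {key: audit_command_line(value) for key, value in entries.items()}
    return {key: fix for key, (flagged, fix) in results.items() if flagged}


# Constructed sample data: hypothetical key names and paths, not taken from
# the advisory or from a real SICAM PQ Analyzer installation.
SAMPLE = {
    "ExampleSvcA": r"C:\Program Files\Example Vendor\Analyzer\svc.exe -run",
    "ExampleSvcB": r'"C:\Program Files\Example Vendor\Analyzer\svc.exe" -run',
    "ExampleSvcC": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    "ExampleSvcD": r"C:\Tools\agent.exe --config C:\My Data\agent.ini",
    "ExampleSvcE": r"C:\Program Files\Example Vendor\helper",
}
```

Calling `audit(SAMPLE)` reports ExampleSvcA with its quoted replacement and ExampleSvcE for manual review; on a real host the input would be the command-line values exported from the registry.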