DLL Hijacking Vulnerabilities in Siemens Software Center

Plan Patch7.8SSA-188491Aug 8, 2023

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple DLL hijacking vulnerabilities in Siemens Software Center versions prior to 3.0 allow a local attacker with user-level privileges to execute code with elevated (administrative) privileges. The vulnerabilities exist because Software Center does not properly validate or secure the DLL search path, allowing an attacker to place a malicious DLL in a searchable location that is loaded before the legitimate system library.

What this means

What could happen

A local attacker with user-level access could hijack DLL files to run code with elevated (administrative) privileges on the Software Center host, potentially gaining control of the system and any automation tasks it manages.

Who's at risk

This affects Siemens Software Center administrators and engineers who use the tool to manage, update, or deploy Siemens automation software and firmware across plants. Any organization using Software Center versions before 3.0 for asset management is at risk if users with local system access cannot be fully trusted.

How it could be exploited

An attacker with local access to the Software Center host places a malicious DLL in a location that Software Center searches before the legitimate system directory. When Software Center runs (especially during automatic updates or administrative operations), it loads the attacker's DLL instead of the legitimate one, executing the malicious code with elevated privileges.

Prerequisites

Local access to the Software Center host
User-level privileges on the system
Ability to write files to directories in the Software Center search path

Local access requiredLow complexity attackLow EPSS score (0.4%)

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

Software Center< V3.03.0

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siemens Software Center to version 3.0 or later

CVEs (2)

CVE-2021-41544 CVE-2022-25634

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/870a7063-3697-41c7-9e09-4da7b4420a76