OTPulse
FeedAboutContact

Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package

Monitor6.5SSA-199605Dec 14, 2021
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability in the application server that allows an authenticated remote attacker to read arbitrary files on the system. This could expose sensitive configuration data, credentials, or other information stored on the server. Siemens has released a fix in version V21.00 SP3.

What this means
What could happen
An authenticated attacker with access to the application server could read sensitive files from the system, including configuration data, credentials, or process information that could be used for further attacks.
Who's at risk
Process automation engineers and operators running Siemens SIMATIC eaSie PCS 7 Skill Package for process control and engineering support should evaluate this vulnerability. This affects utilities and manufacturers using eaSie for distributed PCS 7 engineering across multiple sites.
How it could be exploited
An attacker with valid credentials to the eaSie PCS 7 application server could craft a malicious file request using path traversal techniques (e.g., "../../../") to navigate outside the intended directory and download arbitrary files from the server filesystem.
Prerequisites
  • Valid credentials for eaSie PCS 7 application server
  • Network access to the application server
  • Affected version (earlier than V21.00 SP3)
Remotely exploitableRequires valid credentialsPath traversal attackAffects configuration/credentials access
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC eaSie PCS 7 Skill Package< V21.00 SP321.00 SP3
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC eaSie PCS 7 Skill Package to version V21.00 SP3 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/511e3408-0229-481e-a8de-1a0f479eb2ab
Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package | CVSS 6.5 - OTPulse