Privilege Escalation Vulnerability in SINUMERIK MC
Plan Patch | 7.8 | SSA-337210 | Mar 8, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The NC plug-in card in SINUMERIK MC and SINUMERIK ONE contains a privilege escalation vulnerability (CWE-269) that allows local attackers to escalate privileges to root level. Root access provides full control over the device, including the ability to read and modify G code that controls machine tool operations. CVSS v3.1 base score is 7.8 (high severity).
What this means
What could happen
A user with local access to a SINUMERIK MC or SINUMERIK ONE controller could escalate their privileges to root level, gaining full control of the machine control system, including the ability to read and modify G code that controls machine tool operations.
Who's at risk
Machine tool operators and manufacturers using SINUMERIK MC or SINUMERIK ONE CNC controllers should prioritize patching. This includes all shops with Siemens-based numerical control systems for milling, turning, or grinding operations.
How it could be exploited
An attacker with local access to the NC plug-in card in SINUMERIK MC or SINUMERIK ONE exploits the privilege escalation vulnerability to gain root privileges. From root, they could modify G code to alter tool paths, spindle speeds, or feed rates, or read proprietary manufacturing programs.
Prerequisites
- Local access to the SINUMERIK MC or SINUMERIK ONE controller
- User-level account on the affected device
- Access to the NC plug-in card interface
privilege escalation vulnerability, local access required, low complexity, affects machine control systems, allows modification of manufacturing programs
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SINUMERIK MC | < V1.15 SP1 | 1.15 SP1 |
| SINUMERIK ONE | < V6.15 SP1 | 6.15 SP1 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SINUMERIK MC
HOTFIX: Update SINUMERIK MC to version 1.15 SP1 or later
SINUMERIK ONE
HOTFIX: Update SINUMERIK ONE to version 6.15 SP1 or later
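To find which controllers still need the update, the fixed versions above can be checked against an asset inventory. The following is an added example, not part of the advisory or any Siemens tooling; the version string shape (optional "V", major.minor, optional "SP<n>"), the inventory layout and the asset names are assumptions.

```python
import re

# Fixed versions from the advisory's affected-products table (SSA-337210).
FIXED = {"SINUMERIK MC": (1, 15, 1), "SINUMERIK ONE": (6, 15, 1)}

# Assumed version string shape: optional "V", major.minor, optional "SP<n>".
_VERSION = re.compile(r"^\s*V?\s*(\d+)\.(\d+)(?:\s*SP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, service_pack); a missing SP counts as 0."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(inventory):
    """Map each asset to 'affected', 'fixed', 'not-listed' (product not in
    the advisory) or 'unknown' (version string could not be parsed)."""
    results = {}
    for asset, product, version in inventory:
        fixed = FIXED.get(product.strip().upper())
        if fixed is None:
            results[asset] = "not-listed"
            continue
        try:
            installed = parse_version(version)
        except ValueError:
            # Unparseable versions need a manual check; never assume patched.
            results[asset] = "unknown"
            continue
        results[asset] = "affected" if installed < fixed else "fixed"
    return results


# Constructed sample inventory (asset names and versions are made up).
SAMPLE = [
    ("mill-01", "SINUMERIK ONE", "V6.14"),
    ("mill-02", "SINUMERIK ONE", "V6.15 SP1"),
    ("lathe-01", "SINUMERIK MC", "1.15"),
    ("lathe-02", "SINUMERIK MC", "V1.15 SP2"),
    ("grind-01", "SINUMERIK MC", "unknown build"),
    ("other-01", "Other controller", "V2.9"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

Assets reported as "unknown" should be verified on the device itself before being closed out.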
CVEs (1)
API: /api/v1/advisories/95955586-db8b-4ed9-9797-39e2edd02892