OTPulse
FeedAboutContact

Privilege Escalation Vulnerability in SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D

Plan Patch8.8SSA-342438Sep 10, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

SINUMERIK ONE, SINUMERIK 840D sl, and SINUMERIK 828D are affected by a privilege escalation vulnerability (CWE-732) in file/directory permissions that allows an authenticated local user to escalate privileges to gain administrative access to the machine's operating system. This affects the underlying system beyond just the CNC application.

What this means
What could happen
An authenticated user with local access to a SINUMERIK CNC machine could escalate their privileges to gain full control of the machine's operating system, allowing them to modify programs, alter machine parameters, or disable safety interlocks.
Who's at risk
Manufacturing facilities operating SINUMERIK CNC machines, including shops using SINUMERIK ONE for integrated machining operations, SINUMERIK 840D sl for advanced turning/milling centers, and SINUMERIK 828D for turning centers and mill-turn machines. Any facility where shop floor workers or contractors have local login access to these machines is at risk.
How it could be exploited
An attacker with a local user account on the CNC machine could exploit improper file permissions or privilege handling in the SINUMERIK software to escalate privileges to administrative level, gaining ability to run arbitrary commands and modify machine behavior.
Prerequisites
  • Local access to a SINUMERIK CNC machine
  • Valid user credentials on the affected system
Local access requiredValid credentials requiredLow complexity exploitationNo patch available for some product versionsAffects machine control systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
2 with fix2 EOL
ProductAffected VersionsFix Status
SINUMERIK 828D V5< V5.245.24
SINUMERIK ONE< V6.246.24
SINUMERIK 828D V4All versionsNo fix (EOL)
SINUMERIK 840D sl V4All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
SINUMERIK 828D V4
HARDENINGFor SINUMERIK 828D V4 and SINUMERIK 840D sl V4 where no patch is available, restrict physical and logical access to affected machines to authorized personnel only
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

SINUMERIK ONE
HOTFIXUpdate SINUMERIK ONE to V6.24 or later
All products
HOTFIXUpdate SINUMERIK 828D to V5.24 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/cf2e7f25-ed9e-4c67-aff9-f849a3bc14f8
Privilege Escalation Vulnerability in SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D | CVSS 8.8 - OTPulse