OTPulse

Weak Registry Permission Vulnerability in SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor

Monitor | CVSS 7 | SSA-369369 | Feb 11, 2025
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor contain a weak registry permission vulnerability (CWE-732) that allows an authenticated local attacker with user-level privileges to escalate privileges and potentially bypass security measures. The vulnerability exists in all current versions of both products. No vendor patch is available; Siemens recommends implementing compensating controls including network access protection, user access controls, and registry permission hardening per their Industrial Security operational guidelines.

What this means
What could happen
An attacker with local access and low-level credentials could escalate privileges and take unauthorized control of the IPC, potentially altering diagnostics data, manipulating system configurations, or compromising monitoring functions that operators rely on for process visibility and control.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens SIMATIC IPC systems for process diagnostics and monitoring. This affects any facility relying on DiagBase or DiagMonitor for system health visibility and control of industrial processes.
How it could be exploited
An attacker with a user account on the IPC could exploit weak registry permissions to modify system registry settings, escalate privileges to administrator level, and bypass security restrictions. This requires local interactive access to the device itself or remote access via an already-compromised user session.
Prerequisites
  • Local or remote user account on the SIMATIC IPC
  • Windows user-level or higher privileges
  • Physical or network-based access to the IPC running DiagBase or DiagMonitor
  • Requires local or remote authenticated access
  • Privilege escalation risk
  • No vendor patch available
  • Affects diagnostic and monitoring functions
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
SIMATIC IPC DiagBase | All versions | No fix (EOL)
SIMATIC IPC DiagMonitor | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict physical and network access to SIMATIC IPC devices to authorized personnel only; use firewall rules to limit access to engineering workstations and authorized monitoring systems
HARDENING: Implement strict Windows user access controls on the IPC; enforce strong passwords and limit local user accounts to the minimum necessary for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

WORKAROUND: Apply Windows registry hardening: audit and manually restrict permissions on registry keys used by DiagBase and DiagMonitor to prevent unauthorized modification
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor. Apply the following compensating controls:
HARDENING: Review and apply Siemens operational guidelines for Industrial Security to establish a protected IT environment per product manual recommendations
HARDENING: Monitor IPC registry and process access logs for suspicious modification attempts
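
For the registry hardening workaround above, the audit step can be scripted. The following PowerShell is an added example, not taken from the advisory or from Siemens: it lists Allow entries that grant write-capable rights on a key tree to anyone other than SYSTEM, Administrators or TrustedInstaller. The advisory does not name the keys DiagBase and DiagMonitor use, so the root key is a parameter you must supply; the function name and the trusted-SID list are assumptions to adjust for your site.

```powershell
# Added example: audit a registry key tree for write access held by
# non-administrative principals. Run from an elevated prompt on the IPC.
# ASSUMPTION: -RootKey is supplied by the operator, e.g.
#   'HKLM:\SOFTWARE\<key used by DiagBase/DiagMonitor>'  (placeholder;
#   the advisory does not list the affected keys).
param([Parameter(Mandatory)][string]$RootKey)

# Rights that allow changing values, subkeys, ownership or the ACL itself.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Principals expected to hold write access (assumed baseline).
$TrustedSids = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WeakRegistryAce {   # hypothetical helper name
    param([string]$Path)
    $keys = @(Get-Item -LiteralPath $Path -ErrorAction Stop) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath
        # Explicit and inherited rules, identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries do not apply to this key itself.
            if ($ace.PropagationFlags.HasFlag(
                [System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
            if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
            $granted = [int]$ace.RegistryRights -band [int]$WriteRights
            if ($granted -eq 0) { continue }
            # Resolve the SID to a name where possible; keep the SID otherwise.
            $name = try {
                $ace.IdentityReference.Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch { $ace.IdentityReference.Value }
            [pscustomobject]@{
                Key       = $key.Name
                Principal = $name
                Rights    = [System.Security.AccessControl.RegistryRights]$granted
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-WeakRegistryAce -Path $RootKey | Format-Table -AutoSize -Wrap
```

Any row returned is a candidate for tightening; entries marked as inherited have to be corrected on the parent key or by disabling inheritance on the affected key.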
Weak Registry Permission Vulnerability in SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor | CVSS 7 - OTPulse