Local Privilege Escalation Vulnerability in Unicam FX

Monitor7.8SSA-543502Feb 13, 2024

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Unicam FX contains a local privilege escalation vulnerability (CWE-648) that allows an attacker with user-level access to gain SYSTEM privileges on the device. Unicam FX has reached end-of-software-maintenance and no security patches will be released. Siemens recommends implementing network access controls, following operational security guidelines, and migrating to a supported successor product.

What this means

What could happen

An attacker with local access to a Unicam FX system could escalate their privileges to SYSTEM level, giving them complete control over the device and any industrial processes it manages.

Who's at risk

Organizations operating Unicam FX systems should be concerned, particularly in water treatment, power generation, and other critical infrastructure facilities where this device is used for process control or monitoring. End users, systems integrators, and facility managers need to prioritize migration planning.

How it could be exploited

An attacker must first gain local access to the Unicam FX system (via physical access or by compromising a user account on the device). Once they have a user-level account, they can execute code that exploits the privilege escalation vulnerability to gain SYSTEM-level privileges and take full control of the system.

Prerequisites

Local access to the Unicam FX system
User-level account on the device or ability to execute code with user privileges

no patch availablelocal privilege escalationend-of-life productrequires prior system compromise or physical access

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Unicam FXAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict physical and network access to Unicam FX systems; limit user accounts to trusted personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate Unicam FX from less-trusted networks and systems

Mitigations - no patch available

0/1

Unicam FX has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMigrate to a supported successor product; Unicam FX is end-of-life and will not receive security patches

CVEs (1)

CVE-2024-22042

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ab5c00dd-2118-45df-982a-3db44c0013ad