OTPulse

Local Privilege Escalation Vulnerability in SIMOTION Tools

Plan Patch · CVSS 8.1 · SSA-563922 · Sep 9, 2025
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A local privilege escalation vulnerability affects the SIMATIC Technology Package TPCamGen, SIMOTION OA MIIF, SIMOTION OACAMGEN, SIMOTION OALECO, and SIMOTION OAVIBX tools. The vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges during the installation or setup phase of these tools. The attack requires local access to the engineering workstation and is possible only while a legitimate user is actively installing an affected tool. Siemens has not released patches for any of these products and states they are preparing fixes.

What this means
What could happen
A local attacker with user-level access could gain SYSTEM privileges during installation of SIMOTION tools, allowing them to run arbitrary commands on the engineering workstation. This affects only the setup phase, not normal operation of the motion control system itself.
Who's at risk
Engineering personnel and system integrators who use SIMOTION tools on Windows engineering workstations to configure and program Siemens motion control systems. The risk applies to organizations maintaining legacy or newly deployed SIMOTION automation systems across manufacturing, water treatment, and infrastructure industries.
How it could be exploited
An attacker with local access to an engineering workstation must wait for a legitimate user to install or update one of the affected SIMOTION tools. During the installation process, the attacker can exploit the privilege escalation vulnerability to execute arbitrary code with SYSTEM privileges, potentially installing persistent backdoors or modifying the installed software.
Prerequisites
  • Local access to the engineering workstation
  • Installation of affected SIMOTION tool in progress
  • User executing the installer
Locally exploitable · Low complexity · No patch available currently · SYSTEM privilege escalation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 EOL
Product | Affected Versions | Fix Status
SIMOTION OA MIIF | All versions | No fix (EOL)
SIMOTION OACAMGEN | All versions | No fix (EOL)
SIMOTION OALECO | All versions | No fix (EOL)
SIMOTION OAVIBX | All versions | No fix (EOL)
SIMATIC Technology Package TPCamGen | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Perform installations only in isolated environments or on air-gapped workstations where possible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor for and apply Siemens vendor fixes once available for affected SIMOTION tools
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMOTION OA MIIF, SIMOTION OACAMGEN, SIMOTION OALECO, SIMOTION OAVIBX, SIMATIC Technology Package TPCamGen. Apply the following compensating controls:
HARDENING: Restrict physical and remote access to engineering workstations to authorized personnel only
HARDENING: Follow Siemens' operational guidelines for Industrial Security to harden the IT environment
Local Privilege Escalation Vulnerability in SIMOTION Tools | CVSS 8.1 - OTPulse