SSA-589975 Improper Access Control Vulnerability in CoreShield OWG Software
Plan Patch | 7.8 | SSA-589975 | Sep 13, 2022
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The default installation of the Windows version of CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker with non-administrator privileges to escalate to local administrator access.
What this means
What could happen
A user with local access to the Windows server running CoreShield OWG could escalate their privileges to administrator, potentially gaining control over gateway configurations and the one-way data flow between IT and OT networks.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens CoreShield One-Way Gateway for data diode functions between control system networks and IT systems. The gateway acts as a critical security boundary—compromise here could allow attackers to bridge isolated networks or manipulate data flowing across the OT/IT divide.
How it could be exploited
An attacker with local user access to the CoreShield OWG server (via compromised account, shared workstation, or physical access) exploits insecure file permissions on application directories to modify or replace executable files or configuration, then restarts the service or application to achieve administrator-level execution.
Prerequisites
- Local user account on the Windows server running CoreShield OWG
- Default file permissions not manually hardened after installation
requires local access | privilege escalation | affects security boundary (one-way gateway) | default insecure configuration
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
CoreShield One-Way Gateway (OWG) Software | < V2.2 | 2.2
Remediation & Mitigation
Do now
HARDENING: Restrict local login access to the CoreShield OWG server to only authorized engineering and administrative personnel
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update CoreShield OWG software to version 2.2 or later
HARDENING: After installation, audit and harden file permissions on CoreShield OWG application directories to restrict write access to administrator accounts only
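One way to carry out the permission audit in the hardening step above, as an added example that is not part of the advisory and not vendor code. The install path is a placeholder (the advisory does not state it), and the list of SIDs trusted to hold write access is an assumption to adjust for the site.

```powershell
# Added example (not vendor code). $InstallDir is a placeholder: the advisory
# does not give the install path, so point it at the real OWG directory.
param([string]$InstallDir = 'C:\Path\To\CoreShield-OWG')

# Rights that let a principal create, replace or delete files, or rewrite the ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which inherit-only ACEs can carry unmapped.
$genericMask = 0x50000000

# Assumption: only these well-known SIDs should hold write access.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$sidType = [System.Security.Principal.SecurityIdentifier]

function Resolve-Sid([System.Security.Principal.SecurityIdentifier]$Sid) {
    # Fall back to the raw SID when it no longer maps to an account.
    try { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }
}

# The install directory itself plus every file and subdirectory beneath it.
$paths = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
    Select-Object -ExpandProperty FullName)

$findings = foreach ($path in $paths) {
    $acl = Get-Acl -LiteralPath $path

    # A non-administrative owner can rewrite the DACL regardless of its entries.
    $owner = $acl.GetOwner($sidType)
    if ($trustedSids -notcontains $owner.Value) {
        [pscustomobject]@{ Path = $path; Account = (Resolve-Sid $owner); Issue = 'Owner'; Inherited = $false }
    }

    # Allow entries that grant any write-class right to an untrusted principal.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{ Path = $path; Account = (Resolve-Sid $ace.IdentityReference)
                               Issue = "$($ace.FileSystemRights)"; Inherited = $ace.IsInherited }
        }
    }
}

$findings | Sort-Object Path, Account | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so every ACL can be read. Rows with Inherited set to True are fixed at the parent directory where the entry originates, not on the child.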
CVEs (1)