Sensitive Information Disclosure in SIMATIC PCS neo Administration Console
Monitor · 5.5 · SSA-646240 · Sep 14, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The Administration Console of SIMATIC PCS neo leaks Windows admin credentials in plaintext or easily recoverable form. An attacker with local access to the Windows system running the Administration Console could extract these credentials and use them to gain administrative access to other Windows systems on the network.
What this means
What could happen
An attacker with local access to the Administration Console system could steal Windows admin credentials and use them to compromise other systems on your network, potentially gaining control over engineering workstations or other critical IT infrastructure connected to your industrial control system.
Who's at risk
Engineering teams using SIMATIC PCS neo Administration Console for process automation configuration and monitoring. This affects anyone managing PCS neo-based systems in manufacturing, utilities, or other industrial facilities where the Administration Console runs on Windows workstations or servers connected to corporate networks.
How it could be exploited
An attacker with local Windows access to the Administration Console machine (either physical access or via Remote Desktop/similar) can extract stored admin credentials from memory, configuration files, or the application. These credentials can then be reused to authenticate to other Windows systems on the network with administrative privileges.
Prerequisites
- Local access to the Windows system running SIMATIC PCS neo Administration Console
- User account on the Administration Console system (can be low-privilege)
- Access to credential storage (memory, registry, or configuration files on the local machine)
- Affects Windows system and credentials
- Credential theft can spread to other systems
- Requires local access but low complexity to exploit once access is gained
- Vendor patch available but may require coordination with engineering teams
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC PCS neo (Administration Console) V4.0 | All versions | See Security Patch 01 |
| SIMATIC PCS neo (Administration Console) V4.0 Update 1 | All versions | See Security Patch 01 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS neo (Administration Console) V4.0
HOTFIX: Install Security Patch 01 for SIMATIC PCS neo Administration Console from the Siemens support portal
CVEs (1)