Incorrect Permission Assignment in Multiple SIMATIC Software Products
Plan Patch | 7.3 | SSA-661034 | Jul 13, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple SIMATIC software products have incorrect file permissions on configuration metafiles. This allows a user with a local account on the engineering workstation to modify configuration files without authorization. When these modified configurations are deployed to connected devices, they can alter process parameters, equipment behavior, or safety-related settings. Affected products include SIMATIC PCS 7 V8.2 and earlier (all versions), SIMATIC PCS 7 V9.X, SIMATIC PDM, SIMATIC STEP 7 V5.X, and SINAMICS STARTER. Siemens has released patches for most products but states V8.2 and earlier versions of PCS 7 will not be updated.
What this means
What could happen
An attacker with local system access could modify configuration files on an engineering workstation, allowing them to alter process parameters or device behavior without being detected. This could cause unintended changes to control logic, equipment setpoints, or safety-related configurations in industrial processes.
Who's at risk
Engineering teams and control system integrators who use SIMATIC STEP 7, SIMATIC PCS 7, SIMATIC PDM, or SINAMICS STARTER to configure Siemens PLCs, process automation systems, and variable frequency drives. This affects water/wastewater treatment facilities, power generation and distribution, chemical processing, and any facility using Siemens-based process control.
How it could be exploited
An attacker with a user account on the engineering workstation or PLC configuration device exploits incorrect file permissions to modify SIMATIC software configuration metafiles. These modified files are then loaded onto target devices (PLCs, drives, etc.) when the operator synchronizes or deploys configurations, injecting malicious parameter changes or logic modifications into the live control system.
Prerequisites
- Local user account on the engineering workstation or system where SIMATIC software is installed
- Write access to configuration file directories (due to permission misconfiguration)
- Ability to modify files before configuration deployment to target devices
- No authentication required beyond local system access
- Low complexity exploitation
- Affects configuration integrity of critical control systems
- SIMATIC PCS 7 V8.2 has no patch available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (5)
4 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC PCS 7 V9.X | < V9.1 SP2 | 9.1 SP2 |
| SIMATIC PDM | < V9.2 SP2 | 9.2 SP2 |
| SIMATIC STEP 7 V5.X | < V5.7 | 5.7 |
| SINAMICS STARTER (containing STEP 7 OEM version) | < V5.4 SP2 HF1 | 5.4 SP2 HF1 |
| SIMATIC PCS 7 V8.2 and earlier | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
SIMATIC PCS 7 V8.2 and earlier
HARDENING: For SIMATIC PCS 7 V8.2 and earlier (no patch available), implement access controls restricting local user accounts and limiting who can access configuration files and directories
All products
HARDENING: Review and restrict local user account privileges on all engineering workstations to the minimum required for job functions
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC STEP 7 V5.X
HOTFIX: Update SIMATIC STEP 7 V5.X to version 5.7 or later
SIMATIC PDM
HOTFIX: Update SIMATIC PDM to version 9.2 SP2 or later
All products
HOTFIX: Update SINAMICS STARTER to version 5.4 SP2 HF1 or later
HOTFIX: Update SIMATIC PCS 7 to version 9.1 SP2 or later if currently on V9.X
Mitigations - no patch available
SIMATIC PCS 7 V8.2 and earlier has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement file integrity monitoring on SIMATIC configuration directories to detect unauthorized modifications
CVEs (1)