Disclosure of Private Data
Act Now | 10 | SSA-788287 | Apr 13, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens Opcenter Quality and QMS Automotive use ClickOnce technology for SmartClient installation. These products shipped with a trusted but expired code-signing certificate. An attacker could forge this certificate to sign malicious executables that appear to be legitimate Siemens-signed software, allowing installation of malware on engineering workstations. The certificate was revoked immediately upon discovery.
What this means
What could happen
An attacker could forge a code-signing certificate and distribute malicious SmartClient installers that appear to come from Siemens and to be trusted, allowing them to gain execution on engineering workstations used to manage these QMS and Opcenter systems.
Who's at risk
Quality management and manufacturing operations organizations using Siemens Opcenter Quality or QMS Automotive. Most critical for engineering teams who build and deploy SmartClient installers for these systems, as well as operators and process engineers who execute them on workstations connected to production networks.
How it could be exploited
An attacker intercepts or provides malicious SmartClient installer files and re-signs them using the Siemens certificate (now expired and revoked, but historically valid). Engineers or integrators deploying these installers would see what appears to be a legitimate Siemens-signed executable and run it, giving the attacker access to their workstation and potentially the industrial systems it manages.
Prerequisites
- Attacker must be able to distribute or intercept SmartClient installer files (e.g., man-in-the-middle, compromised download source, or social engineering)
- Target must download and execute a malicious installer
- Target workstation must trust the expired Siemens code-signing certificate (typical for systems with Siemens products installed)
- Remotely exploitable (via malicious installer distribution)
- No authentication required once installer is executed
- Affects engineering/management systems that control production
- No patch available for affected versions
- Expired code-signing certificate enables forgery
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| QMS Automotive | < V12.30 | No fix (EOL) |
| Opcenter Quality | < V12.2 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Verify the digital signature on all SmartClient installers before execution; do not use installers signed with the revoked certificate
- HARDENING: Restrict download sources for SmartClient installers to official Siemens channels and validate checksums
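One way to carry out the signature and checksum checks above on a Windows workstation, as an added example that is not Siemens code. The function name, the staging path and the thumbprint placeholder are assumptions; the revoked certificate's thumbprint is not given on this page and must be taken from the vendor. It covers Authenticode-signed PE files only; ClickOnce .application and .manifest files carry XML signatures and need a separate check.

```powershell
# Added example (hypothetical helper, not vendor code).
# Placeholder: replace with the thumbprint of the revoked certificate.
$RevokedThumbprints = @('<THUMBPRINT-OF-REVOKED-CERTIFICATE>')

function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$DeniedThumbprints = @(),
        [string]$ExpectedSha256   # optional: checksum published by the download source
    )
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $signer  = $sig.SignerCertificate
    $reasons = @()

    # Unsigned, tampered or untrusted files never report 'Valid'.
    if ($sig.Status -ne 'Valid') { $reasons += "signature status is $($sig.Status)" }
    if ($signer) {
        # Explicit deny-list: reject the revoked certificate even if the chain still validates.
        if ($DeniedThumbprints -contains $signer.Thumbprint) {
            $reasons += 'signed with a denied (revoked) certificate'
        }
        # An expired signer is only plausible when a timestamp shows signing happened earlier.
        if ($signer.NotAfter -lt (Get-Date) -and -not $sig.TimeStamperCertificate) {
            $reasons += "signer expired $($signer.NotAfter.ToString('u')) and signature has no timestamp"
        }
    }
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) { $reasons += 'SHA-256 does not match the expected value' }
    }
    [pscustomobject]@{
        Path       = $Path
        Signer     = if ($signer) { $signer.Subject } else { $null }
        Thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        Trusted    = ($reasons.Count -eq 0)
        Reasons    = $reasons -join '; '
    }
}

# Report every executable in a staged installer directory (constructed path) that fails a check.
Get-ChildItem -Path 'C:\Staging\SmartClient' -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Test-InstallerTrust -Path $_.FullName -DeniedThumbprints $RevokedThumbprints } |
    Where-Object { -not $_.Trusted } |
    Format-Table Path, Thumbprint, Reasons -AutoSize
```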
Mitigations - no patch available
The following products have reached End of Life with no planned fix: QMS Automotive, Opcenter Quality. Apply the following compensating controls:
- HARDENING: Segment network access to Opcenter Quality and QMS Automotive systems to limit engineer workstation exposure
- HARDENING: Implement application whitelisting or code-signing enforcement policies on engineering workstations
CVEs (1)