Insecure Folder Permissions in SIMARIS Configuration
Monitor4.4SSA-794542Feb 9, 2021
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
SIMARIS configuration prior to version 4.0.1 is installed with insecure folder permissions that allow a local user with standard privileges to escalate to higher permissions. An attacker with local workstation access could exploit this to read, modify, or delete SIMARIS project files and electrical system configurations. Siemens has released version 4.0.1 and later to correct this issue.
What this means
What could happen
An attacker with local access to a SIMARIS configuration workstation could exploit weak folder permissions to escalate privileges and modify electrical system design data or safety-critical configurations without authorization.
Who's at risk
Electrical engineering teams and operators who use SIMARIS configuration software to design, configure, and manage medium-voltage switchgear and electrical systems. This affects anyone with local workstation access in utilities, manufacturing plants, and industrial facilities that rely on Siemens electrical distribution systems.
How it could be exploited
An attacker with a standard user account on a SIMARIS workstation can exploit insecure SIMARIS installation folder permissions to write or modify files, gaining higher privileges to access or alter electrical engineering configurations and project data.
Prerequisites
- Local access to a workstation running SIMARIS configuration
- Standard (non-administrator) user account on the affected system
- SIMARIS version earlier than 4.0.1 installed
Local exploitation only (not remotely exploitable)Privilege escalation via weak file permissionsAffects engineering workstations with design and configuration data
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
SIMARIS configuration< V4.0.14.0.1
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate SIMARIS configuration to version 4.0.1 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/268abb51-cb71-4119-8709-40745718a605