OTPulse

Improper Access Control in Polarion ALM

Monitor · CVSS 6.5 · SSA-925850 · May 14, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

The Apache Lucene-based query engine in Polarion ALM lacks proper access controls, allowing an authenticated user to query items beyond their allowed projects and access information they should not be able to see.

What this means
What could happen
An authenticated user could view project data and documents they don't have permission to access, potentially exposing sensitive operational procedures, engineering designs, or configuration details used in your industrial processes.
Who's at risk
Engineering, operations, and project management teams using Siemens Polarion ALM for document and project management. This includes utilities managing control system design documentation, asset configuration files, and operational procedures stored in the ALM system.
How it could be exploited
An attacker with valid Polarion ALM credentials (such as a contractor or disgruntled employee) could craft queries using the Lucene query engine to retrieve items from projects outside their assigned access level. The attacker makes direct queries through the ALM interface without needing to escalate privileges or exploit network paths.
Prerequisites
  • Valid Polarion ALM user account with login credentials
  • Network access to the Polarion ALM instance
  • Ability to use the search/query interface in the ALM application
  • Requires valid user credentials
  • Affects data confidentiality only
  • Low EPSS score (active exploitation unlikely)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product       | Affected Versions | Fix Status
Polarion ALM  | < V2404.0         | 2404.0
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Polarion ALM to version 2404.0 or later