Privilege Escalation Vulnerabilities in SICAM TOOLBOX II before V07.10
Plan Patch | 7.8 | SSA-975961 | Aug 8, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SICAM TOOLBOX II before V07.10 contains two privilege escalation vulnerabilities arising from improper file/directory permissions (CWE-732) and insufficient privilege management (CWE-250). These allow a local user to escalate to administrator privileges and execute arbitrary code on the affected workstation. Siemens has released version 07.10, which corrects both issues.
What this means
What could happen
A local attacker with regular user access to an engineering workstation running SICAM TOOLBOX II could escalate privileges and execute arbitrary code with administrator rights, potentially allowing them to modify power system configurations or sabotage the engineering environment.
Who's at risk
Power utilities, electric cooperatives, and transmission/distribution operators using SICAM TOOLBOX II on engineering workstations for substation automation and SCADA configuration. Any organization managing critical infrastructure with Siemens SICAM systems.
How it could be exploited
An attacker with a local account on a workstation running SICAM TOOLBOX II before v07.10 can exploit improper file/directory permissions (CWE-732) or insufficient privilege checks (CWE-250) to escalate to administrator privileges and run malicious code. Exploitation requires local access but does not initially require administrative credentials.
Prerequisites
- Local account access to the affected workstation
- SICAM TOOLBOX II version before 07.10 installed
- Interactive access to the Windows system (not remote exploitation)
- Privilege escalation vulnerability
- Affects engineering workstations with high-value access
- Local access required but low complexity exploitation
- Improper permission configuration (CWE-732)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SICAM TOOLBOX II | < V07.10 | 07.10
Remediation & Mitigation
Do now
HARDENING: Restrict local logon access to engineering workstations running SICAM TOOLBOX II to trusted personnel only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update SICAM TOOLBOX II to version 07.10 or later
Long-term hardening
HARDENING: Review and enforce strong access controls and credential management for workstations in the engineering network
CVEs (2)