Local Privilege Escalation Vulnerability in Xpedition Designer
Plan Patch7.8SSA-988345Jun 14, 2022
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
A privilege escalation vulnerability in Xpedition Designer could allow an unprivileged local user to override or modify the service executable and gain elevated privileges. The vulnerability exists in versions below VX.2.10 Update 13, VX.2.11 Update 11, VX.2.12 Update 5, and VX.2.13 Update 1.
What this means
What could happen
An unprivileged user on an engineering workstation running Xpedition Designer could gain system-level privileges and modify design files, simulation parameters, or gain access to sensitive configuration data used in production systems.
Who's at risk
Engineering teams and control system designers using Siemens Xpedition Designer should care about this vulnerability. It affects personnel with regular user accounts on engineering workstations where Xpedition Designer is installed, including design engineers, system integrators, and automation technicians who may use these systems to develop and test control logic and configurations.
How it could be exploited
An attacker with a regular user account on a workstation running vulnerable Xpedition Designer would exploit improper file permissions on the service executable. By overwriting the executable with malicious code, they could force the service to run their code with elevated privileges when the service restarts or is managed by a privileged account.
Prerequisites
- Local account access to a workstation running Xpedition Designer
- Unprivileged (non-admin) user account
- Xpedition Designer service running on the workstation
Local access requiredLow complexity exploitationAffects engineering tools and design workflowPrivilege escalation to system level
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Xpedition Designer VX.2.10< VX.2.10 Update 13VX.2.10 Update 13 or later
Xpedition Designer VX.2.11< VX.2.11 Update 11VX.2.11 Update 11 or later
Xpedition Designer VX.2.13< VX.2.13 Update 1VX.2.13 Update 1 or later
Xpedition Designer VX.2.12< VX.2.12 Update 5VX.2.12 Update 5 or later
Remediation & Mitigation
0/6
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
Xpedition Designer VX.2.10
HOTFIXUpdate Xpedition Designer VX.2.10 to Update 13 or later
Xpedition Designer VX.2.11
HOTFIXUpdate Xpedition Designer VX.2.11 to Update 11 or later
Xpedition Designer VX.2.12
HOTFIXUpdate Xpedition Designer VX.2.12 to Update 5 or later
Xpedition Designer VX.2.13
HOTFIXUpdate Xpedition Designer VX.2.13 to Update 1 or later
Long-term hardening
0/2HARDENINGImplement local access controls and restrict user permissions on engineering workstations to limit who can access and modify service files
HARDENINGReview and tighten file and directory permissions on Xpedition Designer installation directories to ensure unprivileged users cannot modify executable files
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/57cd5aa1-d83e-40d8-bc02-af5ff8c94647