Privilege escalation in Siemens Industrial Products using Intel CPUs

1) Race condition

EUVDB-ID: #VU69118

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-21198

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the BIOS firmware. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SIMATIC IPC BX-39A: All versions

SIMATIC IPC847E: All versions

SIMATIC IPC677E: All versions

SIMATIC IPC647E: All versions

SIMATIC IPC627E: All versions

SIMATIC IPC477E Pro: All versions

SIMATIC Field PG M6: All versions

SIMATIC Field PG M5: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC427E: All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-686975.txt
http://ics-cert.us-cert.gov/advisories/icsa-23-047-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.