Execution with unnecessary privileges in Siemens SIMATIC SCADA and PCS 7 systems



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-35783
CWE-ID CWE-250
Exploitation vector Network
Public exploit N/A
Vulnerable software
SIMATIC BATCH
Server applications / SCADA systems

SIMATIC PCS 7
Server applications / SCADA systems

SIMATIC WinCC Runtime Professional
Server applications / SCADA systems

SIMATIC Information Server
Hardware solutions / Firmware

SIMATIC Process Historian
Hardware solutions / Firmware

SIMATIC WinCC
Hardware solutions / Firmware

Vendor Siemens

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Execution with unnecessary privileges

EUVDB-ID: #VU97145

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35783

CWE-ID: CWE-250 - Execution with Unnecessary Privileges

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application binary has a setuid bit. A remote administrator can run the affected binary and execute arbitrary OS commands with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC BATCH: 9.1

SIMATIC Information Server: 2020 - 2022

SIMATIC PCS 7: 9.1

SIMATIC Process Historian: 2020 - 2022

SIMATIC WinCC Runtime Professional: 18.0 - 19.0

SIMATIC WinCC: 7.4 - 8.0

CPE2.3 External links

http://cert-portal.siemens.com/productcert/html/ssa-629254.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###