Siemens Security Advisory by Siemens ProductCERT

SSA-568732: Privilege Escalation in COMOS

Publication Date:    2013-12-06
Last Update:         2013-12-13
Current Version:     V1.1
CVSS Overall Score:  5.6

SUMMARY

A potential vulnerability was discovered in the client application of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as an authenticated user to exploit the vulnerability.

Siemens provides software updates that fix the vulnerability.

AFFECTED PRODUCTS

All COMOS versions before 9.2
COMOS 9.2: all versions < V092_Upd08_Patch001 (9.2.0.8.1)
COMOS 10.0: all versions < V100_SP03_Upd01_Patch040 (10.0.3.1.40)
COMOS 10.1: all versions < V101_Patch002 (10.1.0.0.2)

DESCRIPTION

The object-oriented database system of COMOS supports collecting, processing, saving, and distributing information throughout the entire design process and allows the configuration of user privileges. The client application used for accessing the database system might allow authenticated Windows users to elevate their rights with regard to database access over the COMOS graphical user interface.

Detailed information about the vulnerability is provided below.

VULNERABILITY CLASSIFICATION

The vulnerability classification has been performed using the CVSSv2 scoring system (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.

Vulnerability Description (CVE-2013-6840)

A potential vulnerability in the client application of COMOS might allow privilege escalation with regard to database access for local authenticated users. Elevated access may allow compromise of the confidentiality, integrity and availability of the database.
CVSS Base Score:      7.2
CVSS Temporal Score:  5.6
CVSS Overall Score:   5.6 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Mitigating factors: The attacker must have local access to the system as an authenticated Windows user and must have access permission for COMOS projects.

SOLUTION

Siemens provides the following patches for COMOS versions 9.2, 10.0 and 10.1 that close the potential vulnerability:

COMOS 9.2: V092_Upd08_Patch001 (9.2.0.8.1)
COMOS 10.0: V100_SP03_Upd01_Patch040 (10.0.3.1.40)
COMOS 10.1: V101_Patch002 (10.1.0.0.2)

Siemens recommends installing them as soon as possible. These software updates are available from customer support [2]. Users of older versions of COMOS should upgrade to the supported versions.

As a further mitigation measure, Siemens strongly recommends protecting the Windows systems against unauthorized access with appropriate measures.

In general, Siemens strongly recommends protecting systems according to recommended security practices [5] and configuring the environment according to operational guidelines [3] in order to run the affected software components in a protected IT environment.
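To turn the affected and fixed version lists above into a check an administrator can run over an inventory, here is an added Python example (not Siemens code): the version thresholds are the advisory's, while the function names, the "not listed"/"unknown" statuses and the sample hostnames and versions are constructed for illustration.

```python
"""Classify an installed COMOS version against the fixed builds named in
SSA-568732 (added example, not Siemens code; thresholds from the advisory,
function names and sample inventory constructed here)."""

# Lowest fixed build per affected branch, from the SOLUTION section.
FIXED_VERSIONS = {
    (9, 2): (9, 2, 0, 8, 1),      # V092_Upd08_Patch001
    (10, 0): (10, 0, 3, 1, 40),   # V100_SP03_Upd01_Patch040
    (10, 1): (10, 1, 0, 0, 2),    # V101_Patch002
}


def parse_version(text):
    """Turn a dotted version string such as '10.0.3.1.40' into a tuple of ints."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"version needs at least major.minor: {text!r}")
    return parts


def assess(version_text):
    """Return 'affected', 'fixed' or 'not listed' for one COMOS version string."""
    v = parse_version(version_text)
    # Everything before 9.2 is affected and has no patch; only an upgrade helps.
    if v[:2] < (9, 2):
        return "affected"
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        # Branches the advisory does not mention are reported, not guessed.
        return "not listed"
    # Pad a short string such as '10.0' with zeros so the comparison is positional.
    padded = v + (0,) * (len(fixed) - len(v))
    return "fixed" if padded >= fixed else "affected"


def assess_inventory(inventory):
    """Map host -> version to host -> status; unparsable strings become 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> COMOS version reported by the host.
    sample = {"eng-ws-01": "9.1.2.0.0", "eng-ws-02": "10.0.3.1.39",
              "eng-ws-03": "10.1.0.0.2", "eng-ws-04": "n/a"}
    for host, status in assess_inventory(sample).items():
        print(f"{host}: {status}")
```

Branches the advisory does not name (for example anything newer than 10.1) come back as "not listed" rather than being assumed safe, so they can be followed up separately.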
ADDITIONAL RESOURCES

[1] Information about COMOS: https://www.siemens.com/comos
[2] Contact details for the customer support are available at: http://support.automation.siemens.com/WW/view/en/16605032
[3] An overview of the operational guidelines for Industrial Security (with the cell protection concept): http://www.industry.siemens.com/topics/global/en/industrialsecurity/Documents/operational_guidelines_industrial_security_en.pdf
[4] Information about Industrial Security by Siemens: http://www.siemens.com/industrialsecurity
[5] Recommended security practices by ICS-CERT: http://ics-cert.us-cert.gov/content/recommended-practices
[6] For further inquiries on vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: http://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2013-12-06): Publication Date
V1.1 (2013-12-13): Updated Additional Resources Link 2

DISCLAIMER

See: http://www.siemens.com/terms_of_use

SSA-568732 © Siemens AG 2013