CVE-2016-7165 Privilege Escalation flaw affects many Siemens solutions

Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products.

Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products.

The flaw could be exploited by attackers to escalate their privileges if the flawed products are not installed under the default path.

Users with local access to the Windows system running on the same device as affected Siemens applications can escalate their privileges under certain conditions.

“Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (“C:\Program Files\*” or the localized equivalent),” reads the advisories published by both Siemens and ICS-CERT.

The privilege escalation vulnerability flaw was reported to Siemens by WATERSURE and KIANDRA IT.

The products affected by this vulnerability are widely adopted by many organizations, the impact of its exploitation depends on each specific implementation.

The CVE-2016-7165 flaw affects several products, including Siemens SCADA systems, distributed control systems (DCS). It also affects engineering tools and simulators such as SIMATIC, SINEMA, TeleControl, SOFTNET, SIMIT, Security Configuration Tool (SCT) and Primary Setup Tool (PST) products.

The updates released by Siemens work only for some products, for other systems the company suggested to apply temporary fixes.

In October, the US ICS-CERT has published its annual vulnerability coordination report for the fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015.

“ICS-CERT is pleased to announce the release of the NCCIC/ICS-CERT FY 2015 Annual Vulnerability Coordination Report. This report provides a summary of the DHS NCCIC/ICS-CERT vulnerability coordination activities for FY 2015. A link to the full document can be found on the ICS-CERT web site ICS-CERT Info Products web page.” reported the ICS-CERT.

According to the annual vulnerability coordination report, the overall number of security flaws disclosed by the US ICS-CERT is 427, meanwhile, in 2014 the number of vulnerabilities was 245.

This means that the number of flaws disclosed by the US ICS-CERT has increased by 74 percent.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Siemens, CVE-2016-7165)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.