CVE-2016-7165 Privilege Escalation flaw affects many Siemens solutions

Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked as CVE-2016-7165, that affects several industrial products.

The flaw could be exploited by attackers to escalate their privileges if the flawed products are not installed under the default path.

Users with local access to the Windows system running on the same device as affected Siemens applications can escalate their privileges under certain conditions.

“Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (“C:\Program Files\*” or the localized equivalent),” read the advisories published by both Siemens and ICS-CERT.
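The condition the advisory describes can be checked on any Windows host by inspecting each service's `ImagePath` value. The Python below is an added example, not code from the article or from the Siemens or ICS-CERT advisories: it flags unquoted paths whose executable part contains a space, notes whether the path sits under the default root, and prints the quoted form. The service names and paths are constructed samples, and the default-root pattern is an assumption that covers only the English `C:\Program Files` names.

```python
import re
from typing import List, NamedTuple, Optional

# Assumption: English default install roots only; add localized names as needed.
DEFAULT_ROOT = re.compile(r'^c:\\program files( \(x86\))?\\', re.IGNORECASE)
# Executable part of an unquoted command line: text up to the first ".exe"
# that is followed by whitespace or the end of the string.
EXE_PART = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)

class Finding(NamedTuple):
    service: str
    ambiguous_at: List[str]  # prefixes where the unquoted path can be split
    default_root: bool       # True if under the advisory's default path
    quoted_fix: str          # same command line with the executable quoted

def audit(service: str, image_path: str) -> Optional[Finding]:
    """Flag an unquoted ImagePath whose executable path contains a space."""
    path = image_path.strip()
    if path.startswith('"'):
        return None                      # already quoted
    m = EXE_PART.match(path)
    if not m or ' ' not in m.group(1):
        return None                      # no .exe found, or spaces only in arguments
    exe, args = m.group(1), path[m.end():]
    splits = [exe[:s.start()] for s in re.finditer(r' +', exe)]
    return Finding(service, splits, bool(DEFAULT_ROOT.match(exe)), f'"{exe}"{args}')

# Constructed sample data (hypothetical service names and paths).
SAMPLE = [
    ("ExampleSvcA", r'D:\Automation Tools\Example Suite\bin\svc.exe -run'),
    ("ExampleSvcB", r'C:\Program Files\Example Suite\bin\svc.exe'),
    ("ExampleSvcC", r'"D:\Automation Tools\bin\svc.exe" -run'),
    ("ExampleSvcD", r'C:\Windows\System32\svchost.exe -k netsvcs'),
]

def audit_all(services):
    """Return the findings for every (name, ImagePath) pair that is flagged."""
    return [f for f in (audit(n, p) for n, p in services) if f]

if __name__ == "__main__":
    for f in audit_all(SAMPLE):
        where = "default path" if f.default_root else "NON-default path"
        print(f"{f.service}: unquoted, {where}; quote as {f.quoted_fix}")
```

On a real system the input pairs would come from the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`; findings outside the default root are the ones that match the advisory's condition and should be reviewed first.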

The privilege escalation flaw was reported to Siemens by WATERSURE and KIANDRA IT.

The products affected by this vulnerability are widely adopted by many organizations; the impact of its exploitation depends on each specific implementation.

The CVE-2016-7165 flaw affects several products, including Siemens SCADA systems and distributed control systems (DCS). It also affects engineering tools and simulators such as SIMATIC, SINEMA, TeleControl, SOFTNET, SIMIT, Security Configuration Tool (SCT) and Primary Setup Tool (PST) products.

The updates released by Siemens cover only some products; for the other systems, the company suggested applying temporary fixes.

In October, the US ICS-CERT published its annual vulnerability coordination report for fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015.

“ICS-CERT is pleased to announce the release of the NCCIC/ICS-CERT FY 2015 Annual Vulnerability Coordination Report. This report provides a summary of the DHS NCCIC/ICS-CERT vulnerability coordination activities for FY 2015. A link to the full document can be found on the ICS-CERT web site ICS-CERT Info Products web page,” reported ICS-CERT.

According to the annual vulnerability coordination report, the overall number of security flaws disclosed by the US ICS-CERT is 427; in 2014, the number of vulnerabilities was 245.

This means that the number of flaws disclosed by the US ICS-CERT has increased by 74 percent.

Pierluigi Paganini

(Security Affairs – Siemens, CVE-2016-7165)
