Siemens SIMATIC PCS neo
cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*
A deserialization vulnerability has been identified in multiple Siemens engineering platforms, including SIMATIC PCS neo, STEP 7, WinCC, SIMOCODE ES, SINAMICS Startdrive, SIRIUS Safety ES, SIRIUS Soft Starter ES, and TIA Portal Cloud, all versions. The vulnerability arises because these products do not properly sanitize input received through a Windows Named Pipe, which is accessible to all local users. This flaw could enable an authenticated local attacker to cause type confusion and execute arbitrary code within the affected application.
Exploitation of this vulnerability could lead to unauthorized code execution within the context of the affected application, potentially with elevated privileges.
Siemens has released new versions for several affected products and recommends updating to the latest versions. For products where fixes are not yet available, Siemens advises specific countermeasures. On desktop systems, execute the affected software on Windows hosts with only a single user configured. On server systems, restrict access at the operating system level to administrators only.