Siemens Automation License Manager
cpe:2.3:a:siemens:automation_license_manager:*:*:*:*:*:*:*
A DLL hijacking vulnerability has been identified in the Siemens Web Installer component used by various Siemens products. This vulnerability allows an attacker to execute arbitrary code when a legitimate user installs an application that relies on the affected installer component. The issue arises because the installer does not properly control the search path for dynamic link libraries, enabling the execution of malicious code during the installation process.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the user's system, potentially allowing attackers to manipulate or control the system or application in harmful ways.
Siemens has released new versions for several affected products and recommends using the latest versions during setup and installation. For products where no fix is currently available, Siemens advises specific countermeasures, such as hardening the application host to prevent local access by untrusted personnel and installing applications only from an empty directory to reduce the risk of malicious DLLs being present.
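The "empty directory" countermeasure can be scripted so that it is applied the same way every time. The PowerShell below is an added example, not Siemens code and not part of the advisory; the parameter name, the staging location under %TEMP% and the "install-" directory prefix are assumptions.

```powershell
# Added example: copy a downloaded installer into a new, empty directory
# and report any DLLs that were sitting beside it in the download location.
# $InstallerPath is a hypothetical parameter; pass the path of the setup file.
param(
    [Parameter(Mandatory)] [string] $InstallerPath
)

$ErrorActionPreference = 'Stop'
$installer = Get-Item -LiteralPath $InstallerPath

# Anything next to the installer could be loaded if the installer does not
# control its DLL search path, so list the DLLs found there for review.
$dlls = Get-ChildItem -LiteralPath $installer.DirectoryName -File -Force |
    Where-Object { $_.FullName -ne $installer.FullName -and $_.Extension -ieq '.dll' }
if ($dlls) {
    Write-Warning "DLLs found beside the installer in $($installer.DirectoryName):"
    $dlls | ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Write-Warning ("  {0}  SHA256={1}  modified {2:u}" -f $_.Name, $hash, $_.LastWriteTimeUtc)
    }
}

# Create a uniquely named directory (assumed location: the user's TEMP folder)
# and copy only the installer into it.
$stage = Join-Path $env:TEMP ("install-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $stage | Out-Null
$staged = Copy-Item -LiteralPath $installer.FullName -Destination $stage -PassThru

# Verify the staging directory holds exactly one entry before it is used.
$contents = @(Get-ChildItem -LiteralPath $stage -Force)
if ($contents.Count -ne 1) {
    throw "Staging directory $stage is not clean ($($contents.Count) entries)."
}

Write-Output "Run the installer from: $($staged.FullName)"
```

Any DLLs the script reports in the original download directory are worth reviewing before the installer is run, since they were in a position to be loaded.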