Siemens SINEMA Server Hole

Tuesday, August 2, 2016 @ 04:08 PM gHale


Siemens produced a temporary fix to mitigate a privilege escalation vulnerability in the SINEMA Server, according to a report with ICS-CERT.

All versions of SINEMA Server suffer from the issue, discovered by researcher rgod working with Trend Micro’s Zero Day Initiative.

RELATED STORIES
Rockwell Clears FactoryTalk Vulnerabilities
Siemens Fixes SINEMA XSS Hole
NET PC-Software DoS Hole Fixed
Siemens Mitigates SIMATIC Holes

Successful exploitation of this vulnerability could allow users, authenticated via the operating system, to escalate their privileges under certain conditions.

Siemens is a multinational company headquartered in Munich, Germany.

The affected product, SINEMA, is a network management appliance for industrial applications and allows network monitoring as well as diagnostics and reporting functions integrated into SCADA systems such as WinCC.

The SINEMA product sees action across several sectors including chemical, commercial facilities, critical manufacturing, energy, government facilities, and water and wastewater systems. This product sees use on a global basis.

The file permissions set for the SINEMA Server application folder could allow users, authenticated via the operating system, to escalate their privileges.

CVE-2016-6486 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

This vulnerability is not exploitable remotely and cannot end up exploited without user interaction.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.

Siemens has a temporary fix for existing installations. For detailed information on how-to correct the file permissions please call your local service organization. If you require assistance in identifying your local service organization, call a local Siemens hotline center.

Siemens is working on a new SINEMA Server version to resolve the vulnerability and the advisory will be updated as soon as new information becomes available.

As a general security measure, Siemens strongly recommends protecting network access to SINEMA Server systems with appropriate mechanisms. It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.

For more information on this vulnerability, see Siemens Security Advisory SSA-321174.