Siemens Patches Database Hole

Monday, August 20, 2012 @ 03:08 PM gHale

Siemens created a fix for a privilege escalation vulnerability in the Siemens COMOS database application, according to a report on ICS-CERT.

This remotely exploitable vulnerability affects the following versions of COMOS:
• All versions earlier than Version 9.1,
• Version 9.1: Patch 412 and earlier,
• Version 9.2: Update 3 Patch 022 and earlier, and
• Version 10: Patch 004 and earlier.

SpecView Hole in SCADA/HMI line
Siemens Default Password Hole
Software Providers Suffer Vulnerabilities
Fixes for Sielco Sistemi Holes

Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database.

Siemens COMOS is an object-oriented database system that supports collecting, processing, saving, and distributing of information through a design process. It allows the configuration of different user privileges to different users.

Authenticated users with read privileges could escalate their privileges by exploiting a documented method in the design of the database. As a result, the attacker gains administrator access to the database. CVE-2012-3009 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.5.

An attacker with a medium skill level could exploit these vulnerabilities.

To mitigate the issue, for COMOS Versions 9.1, 9.2, and 10.0, Siemens recommends installing the corresponding patches as soon as possible:
• Version 9.1 Patch 413,
• Version 9.2 Update 03 Patch 023, and Version V10 Patch 005.

These software updates are available at Siemens customer support. For earlier versions, Siemens recommends upgrading to a newer version.

Leave a Reply

You must be logged in to post a comment.