This security bulletin addresses a weakness related to the absence of anti-tamper protections and modern exploit mitigation controls in the SIPORT Desktop Client Application. The affected executables do not implement industry-standard protection mechanisms such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), Authenticode code signing, SafeSEH, or Control Flow Guard (CFG).

As a result, the application is susceptible to unauthorized modification and potential abuse. While current risk exposure is reduced through the organization’s reliance on feature-limited web clients, continued use of the desktop client maintains a residual security risk. Siemens’ long-term product strategy focuses on migration to a modern web-based client rather than enhancing the legacy desktop application.

The SIPORT Desktop Client Application was originally developed using Visual Basic 6 (VB6), which lacks support for many modern exploit mitigation and binary protection features. As a result:

• Address Space Layout Randomization (ASLR)
• Data Execution Prevention (DEP)
• Authenticode code signing
• Safe Structured Exception Handling (SafeSEH)
• Control Flow Guard (CFG)

• Modify application binaries
• Inject unauthorized code
• Bypass application integrity expectations

This condition weakens the application’s resistance to tampering and increases exposure to post-exploitation persistence techniques.

Due to the lack of Anti-Tamper protection and modern binary hardening features, an attacker with local system access could potentially modify the SIPORT Desktop Client Application executables. Successful tampering could allow malicious behavior to execute within the trusted application context, potentially leading to:

• Circumvention of application security controls
• Unauthorized actions performed under the user context
• Exposure or manipulation of sensitive data

This weakness does not rely on a remote network attack vector but significantly increases risk in scenarios involving compromised endpoints or malicious insiders.

The following workarounds and mitigations are recommended to reduce exposure while the desktop client remains in use:

• Network Segmentation: Enforce strict network segmentation (e.g., VLANs) to limit access between systems running the SIPORT Desktop Client Application and other sensitive network segments.
• Firewall Restrictions: Apply restrictive inbound and outbound firewall rules on workstations running the application to limit communications strictly to required services.
• Least Privilege Execution: Ensure the SIPORT Desktop Client Application is executed under a non-administrative, least-privileged user account.
• Endpoint Protection Controls (Recommended Addition): Apply application control, file integrity monitoring, and endpoint detection and response (EDR) policies to detect unauthorized binary modification.

• Client Migration Monitoring: Continuously track usage of the SIPORT Desktop Client Application and prioritize users for migration to the web client where feasible.
• Regular Security Assessments: Conduct periodic vulnerability and configuration assessments of systems running the desktop client to proactively identify abuse conditions.

Siemens acknowledges the security risk associated with the lack of Anti-Tamper protection and modern exploit mitigation features in the SIPORT Desktop Client Application. Current risk reduction relies primarily on the use of feature-limited web-based clients.

Siemens' long-term product strategy is focused on a phased transition away from legacy thick clients toward modern, web-based solutions. Due to the architectural limitations of the legacy platform and the scope of changes required, implementation of protections such as ASLR, DEP, Authenticode, SafeSEH, and CFG within the existing desktop client is not currently planned.

Siemens recommends that customers apply the mitigations outlined in this bulletin and continue to transition users to supported web-based clients as part of their security posture improvement.