-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-661034: Incorrect Permission Assignment in Multiple SIMATIC Software
Products

Publication Date:        2021-07-13
Last Update:             2022-08-09
Current Version:         1.2
CVSS v3.1 Base Score:    7.3


SUMMARY
=======

Multiple SIMATIC software products are affected by a vulnerability
that could allow an attacker to change the content of certain
metafiles and subsequently manipulate parameters or behaviour of
devices configured by the affected software products.

Siemens has released updates for several affected products and
recommends to update to the latest versions. Siemens is preparing
further updates and recommends specific countermeasures for products
where updates are not, or not yet available.


AFFECTED PRODUCTS AND SOLUTION
==============================


* SIMATIC PCS 7 V8.2 and earlier 
  - Affected versions:
       All versions
  - Remediation:
       Currently no fix is planned

       See recommendations from section "Workarounds and Mitigations"

* SIMATIC PCS 7 V9.X 
  - Affected versions:
       All versions < V9.1 SP2
  - Remediation:
       Update to V9.1 SP2 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109812240/

* SIMATIC PDM 
  - Affected versions:
       All versions < V9.2 SP2
  - Remediation:
       Update to V9.2 SP2 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109811911/

* SIMATIC STEP 7 V5.X 
  - Affected versions:
       All versions < V5.7
  - Remediation:
       Update to V5.7 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109794088/

* SINAMICS STARTER (containing STEP 7 OEM version) 
  - Affected versions:
       All versions <  V5.4 SP2 HF1
  - Remediation:
       Update to V5.4 SP2 HF1 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109800526/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

  * Restrict access on the engineering station to trusted users only

Product specific remediations or mitigations can be found in the section
"Affected Products and Solution".


Please follow the "General Security Recommendations".


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends
to configure the environment according to Siemens' operational
guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-
security), and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity


PRODUCT DESCRIPTION
===================

SIMATIC PCS 7 is a distributed control system (DCS) integrating
SIMATIC WinCC, SIMATIC Batch, SIMATIC Route Control, OpenPCS7 and
other components.

SIMATIC PDM (Process Device Manager) is an universal,
manufacturer-independent tool for configuration, parameter assignment,
commissioning, diagnostics and maintenance of intelligent process
devices (actors, sensors) and automation components (remote I/Os,
multiplexer, process control units, compact controller). 

SIMATIC STEP 7 V5.X is the classic engineering software to configure
and program SIMATIC S7-300/S7-400/C7/WinAC controllers.

STARTER is the drive engineering tool for parameterizing and
commissioning.


VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2021-31894

  A directory containing metafiles relevant to devices' configurations
  has write permissions. An attacker could leverage this vulnerability
  by changing the content of certain metafiles and subsequently
  manipulate parameters or behavior of devices that would be later
  configured by the affected software.

    CVSS v3.1 Base Score: 7.3
    CVSS Vector:          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C
    CWE:                  CWE-732: Incorrect Permission Assignment for Critical Resource




ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2021-07-13): Publication Date
V1.1 (2021-09-14): Added solution for SINAMICS STARTER
V1.2 (2022-08-09): Added solution to SIMATIC PCS 7 V9.X and SIMATIC PDM

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2022
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmLxo4AACgkQlm7gTEmy
ujS20BAAk8tBTtfHerUikMju7EEoNrXGAQxGZ/Wys49vQMLnRia3+ZDCtIpjcuBj
EYZ+5EQDnwHbSA3H/oBnur0kB2o1kJ6X1Spkwzj3Jgij0aKTYere/FkWkkuE2cqt
889iHGzI1Y2wArAAV5GzuVtrLoRKXFKfGbPsJ33Drl6xRYLei3z6yM8XlxqgcoTN
um3FhatsRueGH6PNUM/GNhefXggqQf3XFFvJCTjGTXaHKXQ3aRjkTOzoTDJU5wBa
UYgRZz91THfPj5dzD5RLvm9vNcxwP+bQHtYi1uh7SQ30ODDRSSmDEBnEMehb4dFn
+Qe4WryfgNdq6hCpj04VUe9cXmNVfdavsjbRYJ5nM+o/UKnSfpZFEnJk4SJ16qtk
P248BWHqGBkGPHNn1G2F00EKzv9d3bXyDbxG7rgZeWvqK6Jm0O6a1bj5g3H/xrRa
WRYY1VtUcRxwpINWrMHV6emSn3boYT4SwCY6dSma2oZ4zRgwqoAyZlf+hSi1TCUR
871lmdf6UYuXprWOB2AojH9wrp+zdHdcs+YvbHhWDmVF0Hd4ZdaiefOUT/7LhC5m
qOZPaWGW318thvj0Gm9nNLUtQ093d2To6nsex7IusEJi+oFdNO4XTeAeEISTGW2b
iMK9e2XwX0U4Ceg7LIU7SuskwcGG3vp3bYDPkC35vspJ7SCyTi0=
=XfNy
-----END PGP SIGNATURE-----