Full Report
SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate privileges. Siemens has released a new version of SICAM PAS/PQS and recommends updating to the latest version. Siemens has also released a security patch that can be applied to previous versions to fix the permissions of the impacted folders. See also chapter Additional Information.
Analysis Summary
# Vulnerability: Insecure Permissions in SICAM PAS/PQS Allowing Local Privilege Escalation
## CVE Details
- CVE ID: CVE-2023-45205, CVE-2023-38640
- CVSS Score: 7.8 (CVE-2023-45205 - High), 6.6 (CVE-2023-38640 - Medium)
- CWE: CWE-732: Incorrect Permission Assignment for Critical Resource
## Affected Systems
- Products: SICAM PAS/PQS
- Versions: All versions >= V8.00 up to V8.21. V8.20 and later versions address certain CVEs, but V8.21 is the last version that requires the security patch for both issues if not upgraded. CVE-2023-45205 specifically affects versions >= V8.00 and < V8.20.
- Configurations: Requires an authenticated local attacker.
## Vulnerability Description
Both vulnerabilities stem from **Incorrect Permission Assignments (CWE-732)** in specific application folders.
1. **CVE-2023-45205 (Score 7.8):** Allows an authenticated local attacker to **inject arbitrary code** and **escalate privileges** to `NT AUTHORITY\SYSTEM`. This is the more severe flaw.
2. **CVE-2023-38640 (Score 6.6):** Allows an authenticated local attacker to **read and modify configuration data** in the context of the application process.
## Exploitation
- Status: PoC available (the advisory's scoring uses the exploitation metric E:P, meaning proof-of-concept existence is assumed for scoring).
- Complexity: Low (AV:L/AC:L - Local Attack, Low Attack Complexity)
- Attack Vector: Local
## Impact
| Vulnerability | Confidentiality | Integrity | Availability |
| :--- | :--- | :--- | :--- |
| CVE-2023-45205 | High (C:H) | High (I:H) | High (A:H) |
| CVE-2023-38640 | Low (C:L) | Low (I:L) | High (A:H) |
## Remediation
### Patches
1. **Upgrade:** Update to **SICAM PAS/PQS V8.22 or later**. (These versions have the fixes integrated.)
2. **Security Patch:** Apply the specific Security Patch available for versions **V8.00 to V8.21**. (This patch addresses both CVE-2023-38640 and CVE-2023-45205).
### Workarounds
1. Ensure that only trusted persons have physical and logical access to the system.
2. Avoid the configuration of additional local accounts on the server.
3. Apply general security recommendations, including network access protection (firewalls, segmentation, VPN) and adherence to operational guidelines.
## Detection
- Detection methods mentioned rely primarily on system hardening and access control enforcement based on the vendor's recommendations. No specific IOC signatures were provided in the summary content.
- Mitigation focuses on restricting local access and verifying file/folder permissions if manual intervention outside of patching is necessary.
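
One way to verify folder permissions manually is to list every allow ACE that gives a broad local group write-type access under the application folders. The script below is an added example, not code from Siemens or the advisory. The folder path is a placeholder (the summary does not name the impacted folders), and the set of groups treated as too broad is an assumption.

```powershell
param(
    # Placeholder: replace with the SICAM PAS/PQS application folders on your host.
    [string[]]$Path = @('C:\PLACEHOLDER\SICAM-application-folder')
)

# Assumption: well-known SIDs of groups that contain every ordinary local user.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow changing content, deleting it, or rewriting the ACL or owner.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear unmapped in ACEs.
$WriteMask = [int]$WriteRights -bor 0x50000000

function Find-BroadWriteAce {
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { Write-Warning "Not found: $r"; continue }
        # Check the folder itself plus every file and subfolder beneath it.
        $items = @(Get-Item -LiteralPath $r -Force) +
                 @(Get-ChildItem -LiteralPath $r -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            $acl = Get-Acl -LiteralPath $item.FullName
            # Ask for SIDs so the check does not depend on localized group names.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                $sid = $ace.IdentityReference.Value
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if (-not $BroadSids.ContainsKey($sid)) { continue }
                if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Find-BroadWriteAce -Root $Path | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Running it before and after applying the security patch gives a record of which entries changed; an empty result means none of the listed groups holds write-type access on the scanned paths.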
## References
- Vendor Advisory: SSA-035466 (Siemens)
- Security Patch Link (Defanged): hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109824392/
- General Security Guidelines Link (Defanged): hxxps://www[.]siemens[.]com/gridsecurity