Full Report
SIPORT before V3.4.0 contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released a new version of SIPORT and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Local Privilege Escalation in Siemens SIPORT
## CVE Details
- **CVE ID:** CVE-2024-47783
- **CVSS Score:**
  - CVSS v3.1: 7.8 (High)
  - CVSS v4.0: 8.5 (High)
- **CWE:** CWE-732: Incorrect Permission Assignment for Critical Resource
## Affected Systems
- **Products:** SIPORT (Access Control and Time Management system within the Siveillance Access Suite).
- **Versions:** All versions prior to V3.4.0.
- **Configurations:** Systems where unprivileged local users have access to the host operating system.
## Vulnerability Description
The vulnerability stems from improper file system permission assignments during the installation of the SIPORT software. Specifically, the application assigns weak permissions to its installation folders and service executables. This allows a local, authenticated user with low privileges to replace, modify, or overwrite original service binaries with malicious code. Because these services typically run with higher system privileges, the modified code executes with those elevated rights, leading to a full compromise of the host.
## Exploitation
- **Status:** Not exploited (No reports of exploitation in the wild or public PoC currently mentioned in advisory).
- **Complexity:** Low
- **Attack Vector:** Local (Requires an unprivileged account on the system).
## Impact
- **Confidentiality:** High (Full access to system data).
- **Integrity:** High (Ability to modify system files and application logic).
- **Availability:** High (Ability to delete files or crash critical services).
## Remediation
### Patches
- **Update to SIPORT V3.4.0** or a later version. The update is available via the Siemens industry support portal: hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109826608/
### Workarounds
- **Manual Permission Hardening:** Manually audit and remove "Write" and "Modify" permissions for non-administrative users on all files and sub-folders located under the SIPORT installation path.
## Detection
- **Indicators of Compromise:**
  - Unexpected modifications to file timestamps of executables within the SIPORT installation directory.
  - Presence of unauthorized or unrecognized binary files in the application folder.
  - Service crashes or unexpected behavior followed by unusual administrative activity.
- **Detection methods and tools:**
  - Use File Integrity Monitoring (FIM) tools to alert on changes to the `C:\Program Files` (or custom installation path) directories for SIPORT.
  - Audit NTFS permissions on the installation directory using tools like `icacls`.
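
The permission audit named under Workarounds and Detection can be scripted with PowerShell's `Get-Acl` instead of reading `icacls` output by eye. The script below is an added example, not Siemens tooling or part of the advisory; `$InstallPath` is a placeholder for the local SIPORT installation directory, and the list of trusted SIDs is an assumption to adjust per site.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath   # placeholder: the SIPORT installation directory on this host
)

# Write-capable bits: WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete,
# ChangePermissions, TakeOwnership, plus raw GENERIC_WRITE / GENERIC_ALL, which
# inherit-only ACEs may carry and which the FileSystemRights enum does not name.
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x40000000 -bor 0x10000000

# Principals expected to hold write access (well-known SIDs; assumed baseline).
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $InstallPath) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs rather than names so the comparison is locale-independent.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit lets a scheduled task flag permission drift
```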
## References
- **Siemens Security Advisory (SSA-064257):** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-064257[.]pdf
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories