Full Report
Multiple DLL Hijacking vulnerabilities in Siemens Software Center (SSC) could allow a local attacker to execute code with elevated privileges. Siemens has released an update for the Siemens Software Center and recommends updating to the latest version.
Analysis Summary
# Vulnerability: DLL Hijacking in Siemens Software Center (SSC)
## CVE Details
- **CVE ID:** CVE-2021-41544, CVE-2022-25634
- **CVSS Score:** 7.8 (High) / 7.5 (High)
- **CWE:** CWE-427 (Uncontrolled Search Path Element), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
## Affected Systems
- **Products:** Siemens Software Center (SSC)
- **Versions:** All versions prior to V3.0
- **Configurations:** Systems where the application is installed and accessible to local users.
## Vulnerability Description
Multiple vulnerabilities exist in the Siemens Software Center relating to how the application handles library loading:
1. **CVE-2021-41544:** An uncontrolled search path element flaw (DLL Hijacking) allows an attacker to place a malicious DLL file in a directory searched by the application. When the application attempts to load the legitimate DLL, it instead executes the malicious code.
2. **CVE-2022-25634:** A path traversal issue in the bundled Qt framework (versions up to 5.15.8 and 6.2.3) can lead to the loading of system library files from unintended working directories.
## Exploitation
- **Status:** PoC available (Indicated by exploit code maturity 'P' in CVSS vector)
- **Complexity:** Low
- **Attack Vector:** Local (CVE-2021-41544) / Network (Note: While CVE-2022-25634 lists Network, the primary context in SSC is local privilege escalation).
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
- **Result:** Successful exploitation allows a local attacker to execute arbitrary code with the elevated privileges of the Siemens Software Center service/application.
## Remediation
### Patches
- **Siemens Software Center V3.0 or later:** Users should update to the latest version. Existing installations typically prompt for an update automatically.
- **Download Link:** hxxps://www[.]sw[.]siemens[.]com/en-US/siemens-software-center/
### Workarounds
- **Host Hardening:** Restrict local access to the application host to trusted personnel only.
- **Access Control:** Ensure strict permissions on the application directories to prevent unauthorized users from placing files in the search path.
## Detection
- **Indicators of Compromise:** Presence of unexpected DLL files in the Siemens Software Center installation directory or temporary working directories.
- **Detection Methods:** Monitor for unusual child processes spawning from `SiemensSoftwareCenter.exe` or equivalent binaries, especially those running with SYSTEM or Administrative privileges.
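
The access-control workaround and the "unexpected DLL" indicator above can be checked together with a short audit script. This is an added example, not code from Siemens or the advisory; the `-Path` parameter and the list of trusted SIDs are assumptions to adjust per host, since the page does not state the installation path.

```powershell
# Added example, not Siemens code. -Path is an assumption: pass the SSC
# installation or working directory as it exists on the audited host.
param([Parameter(Mandatory)][string]$Path)

# Principals expected to hold write access (well-known SIDs, locale independent).
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder ACE, grants nothing by itself)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)
# WriteData/CreateFiles (0x2), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
# Generic bits typically appear in inherit-only ACEs that apply to child objects.
$writeMask = 0x2 -bor 0x10000000 -bor 0x40000000

function Get-UntrustedWriter([string]$Item) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Item).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -and
            $trusted -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{
                Item    = $Item
                Finding = 'WritableByUntrusted'
                Detail  = '{0} ({1})' -f $_.IdentityReference.Value, $_.FileSystemRights
            }
        }
}

# 1. Directories: who besides the trusted SIDs can create files in the search path?
$dirs = @($Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Recurse |
    ForEach-Object FullName)
$dirs | ForEach-Object { Get-UntrustedWriter $_ }

# 2. DLLs: flag files without a valid Authenticode signature or with weak ACLs.
Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Recurse | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{
            Item = $_.FullName; Finding = 'SignatureNotValid'; Detail = $sig.Status
        }
    }
    Get-UntrustedWriter $_.FullName
}
```

A `SignatureNotValid` row is a lead for review rather than proof of tampering, because legitimate components may ship unsigned; a `WritableByUntrusted` row on a directory is the condition the access-control workaround is meant to eliminate.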
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-188491[.]pdf
- **Siemens Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security
- **General Advisories:** hxxps://www[.]siemens[.]com/cert/advisories