Full Report
Siemens OPC UA Modeling Editor (SiOME) is affected by an XML external entity (XXE) injection vulnerability that could allow an attacker to interfere with the application's processing of XML data and read arbitrary files on the system. Siemens has released a new version of Siemens OPC UA Modelling Editor (SiOME) and recommends updating to the latest version.
Analysis Summary
# Vulnerability: XXE Injection in Siemens OPC UA Modeling Editor (SiOME)
## CVE Details
* **CVE ID:** CVE-2023-46590
* **CVSS Score:** 7.5 (High)
* **CWE:** CWE-611: Improper Restriction of XML External Entity Reference
## Affected Systems
* **Products:** Siemens OPC UA Modelling Editor (SiOME)
* **Versions:** All versions prior to V2.8
* **Configurations:** Not specified, assumed to affect standard deployments processing XML data.
## Vulnerability Description
Siemens OPC UA Modeling Editor (SiOME) is vulnerable to an XML External Entity (XXE) injection flaw. This vulnerability exists because the application fails to properly restrict the processing of external entity references within XML data. An attacker can leverage this flaw to interfere with the application's XML processing.
## Exploitation
* **Status:** PoC available, as indicated by the CVSS vector component E:P (Proof-of-Concept)
* **Complexity:** Low (CVSS AC:L)
* **Attack Vector:** Network (AV:N)
## Impact
The exploit allows for information disclosure, specifically the reading of arbitrary files on the underlying system.
* **Confidentiality:** High (C:H) - Arbitrary file reading capability.
* **Integrity:** None (I:N) - No direct integrity impact mentioned.
* **Availability:** None (A:N) - No direct availability impact mentioned.
## Remediation
### Patches
* Update Siemens OPC UA Modelling Editor (SiOME) to **Version V2.8 or later**.
* Patch availability link: hxxps://support.industry.siemens.com/cs/ww/en/view/109755133/
### Workarounds
* The advisory details no specific temporary mitigations other than applying the patch and following general security recommendations.
## Detection
* **Indicators of Compromise:** Look for unusual file access patterns or outbound network activity associated with the SiOME application process, especially concurrent with XML data processing/imports.
* **Detection Methods and Tools:** Utilize network monitoring and endpoint detection tools capable of inspecting application process behavior during XML parsing operations.
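
As a complement to the process-level monitoring above, the following added example (not Siemens code and not part of the advisory) screens an XML file for DOCTYPE and ENTITY declarations before it is opened in an affected SiOME version. It assumes that legitimate model files carry no DTD; the function names, sample documents and the system identifier are constructed for illustration.

```python
import xml.parsers.expat

class _PrologDone(Exception):
    """Raised at the root element: DTD declarations can only appear before it."""

def find_dtd_declarations(xml_bytes):
    """List DOCTYPE/ENTITY declarations in a document without resolving them."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat never fetches anything.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        external = system_id is not None or public_id is not None
        findings.append(("external-entity" if external else "internal-entity",
                         name, system_id))

    def on_root(name, attrs):
        raise _PrologDone()  # stop before any entity reference is expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _PrologDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append(("parse-error", str(exc), None))
    return findings

def safe_to_import(xml_bytes):
    """Assumed policy: a model file carrying any DTD construct is rejected."""
    return not find_dtd_declarations(xml_bytes)

# Constructed samples (root element name and system identifier are made up).
CLEAN = b'<?xml version="1.0"?><Model><Node Id="1"/></Model>'
SUSPECT = b"""<?xml version="1.0"?>
<!DOCTYPE Model [
  <!ENTITY ext SYSTEM "file:///constructed/example.txt">
]>
<Model><Node>&ext;</Node></Model>"""

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, safe_to_import(doc), find_dtd_declarations(doc))
```

A file that fails this check should be reviewed rather than opened; the check does not replace updating to V2.8 or later.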
## References
* **Vendor Advisories:** SSA-197270
* **Relevant Links:**
  * Product Advisory Link: hxxps://cert-portal.siemens.com/productcert/html/ssa-197270.html
  * Operational Guidelines Download: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security