Full Report
Multiple Siemens products are affected by a type confusion vulnerability in Google Chrome prior to 138.0.7204.96. This could allow a remote attacker to perform arbitrary code execution via a crafted HTML page. Siemens has released a new version for Industrial Edge App Publisher and recommends updating to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Type Confusion in Google Chrome Affecting Siemens Products
## CVE Details
- CVE ID: CVE-2025-6554
- CVSS Score: 8.1 (High) based on CVSS v3.1; 7.0 (High) based on CVSS v4.0
- CWE: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
## Affected Systems
- Products:
  - HyperLynx
  - Industrial Edge App Publisher
  - SINAMICS SDI Pro 5.5 (listed in the advisory's description section; the remediation table explicitly covers only HyperLynx and Industrial Edge App Publisher, implying all three may be affected or in scope)
- Versions:
  - HyperLynx: All versions < V2510.0001
  - Industrial Edge App Publisher: All versions < V1.23.5
- Configurations: Exploitation relies on the use of vulnerable third-party Google Chrome components (prior to 138.0.7204.96).
## Vulnerability Description
The vulnerability is a Type Confusion flaw located within the V8 JavaScript engine of Google Chrome versions prior to 138.0.7204.96. A remote attacker can trigger this vulnerability by presenting a victim with a crafted HTML page, potentially leading to arbitrary read/write primitives within the exploited process.
For **HyperLynx**, the impact analysis suggests exploitation requires the attacker to modify local files and necessitates local access to the application, resulting in a lower CVSS v3.1 score of 6.6 (AV:L/AC:L/PR:L/UI:R).
## Exploitation
- Status: PoC available (inferred from the underlying Chrome vulnerability context, which typically leads to proof-of-concept development for type confusion flaws). The advisory implies potential remote exploitation via crafted HTML.
- Complexity: Low (for remote exploitation via a web page).
- Attack Vector: Network (remote) for the general Chrome payload; Local for the specific HyperLynx context.
## Impact
- Confidentiality: High (Arbitrary Read)
- Integrity: High (Arbitrary Write)
- Availability: None specified (Base Chrome vector often impacts integrity/confidentiality first, typically leading to process termination if not fully controlled)
## Remediation
### Patches
- **Industrial Edge App Publisher:** Update to **V1.23.5 or later**.
- **HyperLynx:** Update to **V2510.0001 or later**.
- Further fix versions for other affected products are currently being prepared by Siemens.
### Workarounds
Siemens recommends implementing countermeasures for products where fixes are not yet available. For specific product-related mitigations, the advisory refers to its "Known Affected Products" section (not detailed in this summary).
General recommendations include:
1. Protecting network access to devices with appropriate mechanisms.
2. Configuring the environment according to Siemens' operational guidelines for Industrial Security.
3. Following recommendations in product manuals.
## Detection
- Detection indicators focus primarily on monitoring for processes that use the embedded vulnerable Chrome version (prior to 138.0.7204.96) under unusual conditions, though specific IoCs are not provided.
- Detection should involve monitoring for network connections initiated by these Siemens applications to untrusted remote sources presenting HTML/web content, especially if coupled with unexpected behavior within the application process.
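
To turn the version thresholds above into an asset triage check, the following added example (not part of the Siemens advisory) compares an inventory against the fixed versions. The inventory layout, host names, and the embedded-Chrome version field are assumptions, and the sample rows are constructed. Versions are compared numerically, because a string comparison would misorder values such as V1.23.10 and V1.23.5.

```python
import re

# Fixed-version thresholds as stated in this summary.
FIXED = {
    "HyperLynx": "V2510.0001",
    "Industrial Edge App Publisher": "V1.23.5",
}
CHROME_FIXED = "138.0.7204.96"

def parse_version(text):
    """Turn 'V1.23.5' or '138.0.7204.96' into a tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_older(version, fixed):
    """True if version sorts strictly before fixed (missing parts count as 0)."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(inventory):
    """Return (host, product, action) for every entry that needs attention."""
    findings = []
    for host, product, version, chrome in inventory:
        fixed = FIXED.get(product)
        try:
            if fixed and is_older(version, fixed):
                findings.append((host, product, f"update to {fixed} or later"))
            elif fixed is None and chrome and is_older(chrome, CHROME_FIXED):
                findings.append((host, product, "no fix listed: apply countermeasures"))
        except ValueError as exc:
            findings.append((host, product, f"manual review ({exc})"))
    return findings

# Constructed sample inventory: (host, product, product version, embedded Chrome version).
SAMPLE = [
    ("eng-ws-01", "HyperLynx", "V2510.0001", None),
    ("eng-ws-02", "HyperLynx", "V2409", None),
    ("edge-build-01", "Industrial Edge App Publisher", "V1.23.4", None),
    ("edge-build-02", "Industrial Edge App Publisher", "V1.23.10", None),
    ("drive-lab-01", "SINAMICS SDI Pro 5.5", "unknown", "137.0.7151.120"),
    ("drive-lab-02", "SINAMICS SDI Pro 5.5", "unknown", "138.0.7204.100"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```
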
## References
- Vendor Advisory: SSA-365200
- Siemens Operational Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens Security Advisories Portal: hxxps://www.siemens.com/cert/advisories