OVERVIEWThis updated advisory is a follow-up to the original advisory titled ICSA-15-064-02 Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER Insufficiently Qualified Paths that was published March 5, 2015, on the NCCIC/ICS‑CERT web site.Ivan Sanchez from WiseSecurity Team has identified a search path vulnerability in the Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER applications. Siemens has produced updates for each of these products that mitigates this vulnerability. UNTRUSTED SEARCH PATHInsufficiently qualified paths could allow attackers to execute arbitrary code from files located on the local file system or connected network shares with the privileges of the user running the affected products.

1. Simatic Prosave V10 Firefox Version

For successful exploitation an unsuspecting user must be tricked into opening a manipulated application file.CVE-2015-1594 has been assigned to this vulnerability. A CVSS v2 base score of 6.9 has been assigned; the CVSS vector string is (AV:L/AC:M/Au:N/C:C/I:C/A:C). VULNERABILITY DETAILS EXPLOITABILITYThis vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed file. EXISTENCE OF EXPLOITNo known public exploits specifically target this vulnerability.

Simatic Prosave V10 Firefox Version

DIFFICULTYCrafting a working exploit for this vulnerability would require a moderate amount of skill. Social engineering is required to convince the user to accept the malformed file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit.