Siemens is getting quite the reputation (a positive one) for self-reporting vulnerabilities to ICS-CERT (there were five such vulnerability reports last month). Yesterday ICS-CERT published an advisory for a Siemens-reported privilege escalation vulnerability in their COMOS [Typo corrected on name 12:00 EDT 8-15-12] database application.
Siemens describes the vulnerability this way:
“Authenticated users with read privileges may exploit a vulnerability to elevate their rights. As a result, they may achieve full administrative access to the database.”
ICS-CERT adds that a moderately skilled attacker could be expected to be able to exploit this vulnerability remotely. Siemens reports that the attacker would need network access to the system and read access to the database. Neither notes that the most probable means of remotely exploiting this would be through a social engineering attack to gain the necessary access.
Siemens has patches available for versions 9.1 and later and recommends upgrading earlier versions, as no patch is available for those. Unfortunately, there is no direct link to the available patches in either the ICS-CERT or the Siemens document.
NOTE: Once again ICS-CERT provides a link to the Siemens alert (well, almost; it goes to the page where the Siemens alerts are listed), a courtesy that it still does not extend to independent security researchers.
BTW: Siemens: It would be more helpful if your latest vulnerability alerts were listed at the top of the list instead of the bottom.