Improper User Permission Control in Siemens SIMATIC IPC DiagBase and DiagMonitor
CVE-2025-23403

7.3HIGH

Key Information:

Vendor: Siemens
Status: Simatic Ipc Diagbase; Simatic Ipc Diagmonitor
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-23403?

A critical security vulnerability has been detected in Siemens' SIMATIC IPC DiagBase and DiagMonitor. The affected systems fail to enforce proper permissions for their respective registry keys, which may allow authenticated attackers to exploit this flaw. By gaining unauthorized access, attackers could potentially load malicious drivers into the system. This action can lead to privilege escalation, allowing them to bypass existing endpoint protection and other security measures, thereby compromising system integrity and data security.

Affected Version(s)

SIMATIC IPC DiagBase 0

SIMATIC IPC DiagMonitor 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3693...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 15, 2025