As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerabilities: Incorrect Default Permissions, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthenticated access or privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Polarion ALM: all versions. 3.2 Vulnerability Overview 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 Siemens Polarion ALM is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITYSYSTEM. CVE-2023-50236 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2023-50236. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 IMPROPER AUTHENTICATION CWE-287 The REST API…Read More