PatchSiren cyber security CVE debrief
CVE-2023-5180 Siemens CVE debrief
CVE-2023-5180 is a high-severity vulnerability in Open Design Alliance Drawings SDK versions prior to 2024.12, affecting Siemens COMOS. The flaw stems from improper validation of the number of sectors used by the File Allocation Table (FAT) structure when parsing crafted DGN files. A corrupted value in this field leads to an out-of-bounds write condition, which an attacker can leverage to achieve arbitrary code execution in the context of the current process. The vulnerability requires local access and user interaction, as the attack vector involves convincing a user to open a malicious DGN file. Published on August 13, 2024, this issue is not currently listed in CISA's Known Exploited Vulnerabilities catalog. Siemens has addressed the vulnerability in COMOS V10.5 and later versions.
- Vendor: Siemens
- Product: COMOS
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-13
- Original CVE updated: 2024-08-13
- Advisory published: 2024-08-13
- Advisory updated: 2024-08-13
Who should care
Organizations using Siemens COMOS for plant design and engineering should prioritize this patch. Engineering workstations processing DGN files from external sources, including contractors, suppliers, or legacy project archives, face elevated risk. Industrial control system operators in critical infrastructure sectors (energy, water, manufacturing) where COMOS is deployed for process design should assess exposure. Security teams responsible for OT/ICS environments should coordinate with engineering departments to validate file sources and deploy updates without disrupting operational workflows.
Technical summary
The vulnerability exists in the DGN file parsing logic of Open Design Alliance Drawings SDK, specifically in handling the FAT structure sector count. When a crafted DGN file contains a corrupted value for the number of sectors used by the FAT structure, the SDK fails to properly validate this value before using it in memory operations. This results in an out-of-bounds write that corrupts process memory. Successful exploitation allows arbitrary code execution with the privileges of the COMOS process. The attack requires local access and user interaction to open the malicious file, with no privileges required for the attacker beyond convincing the user to open the file.
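The class of check the summary describes as missing, shown as an added example. This is not Open Design Alliance or Siemens code, and the header layout, constants and function names are hypothetical stand-ins, not the real DGN format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE  512u  /* assumed fixed sector size */
#define HEADER_SIZE  8u    /* assumed: 4-byte magic + 4-byte FAT sector count */
#define MAX_FAT_SECT 109u  /* assumed capacity of the in-memory FAT table */

typedef struct {
    uint32_t fat_sector_count;
    uint32_t fat_sectors[MAX_FAT_SECT];
} fat_table;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 if the file is rejected. Without checks 1-3 the
 * copy loop would trust a file-controlled count and write past fat_sectors. */
int parse_fat_header(const uint8_t *buf, size_t len, fat_table *out) {
    out->fat_sector_count = 0;              /* table stays invalid on failure */
    if (len < HEADER_SIZE) return -1;
    uint32_t count = rd_le32(buf + 4);

    /* Check 1: the count must fit the destination table. */
    if (count > MAX_FAT_SECT) return -1;
    /* Check 2: the index list must lie inside the file (divide, don't multiply). */
    if (count > (len - HEADER_SIZE) / 4) return -1;

    for (uint32_t i = 0; i < count; i++) {
        uint32_t idx = rd_le32(buf + HEADER_SIZE + 4 * i);
        /* Check 3: each listed sector must be a full sector within the file. */
        if (((uint64_t)idx + 1) * SECTOR_SIZE > len) return -1;
        out->fat_sectors[i] = idx;
    }
    out->fat_sector_count = count;
    return 0;
}

int main(void) {
    uint8_t file[2048] = {0};   /* constructed sample, not a real DGN file */
    fat_table t;
    file[4] = file[5] = file[6] = file[7] = 0xFF;   /* corrupted sector count */
    printf("corrupted count -> %d\n", parse_fat_header(file, sizeof file, &t));
    return 0;
}
```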
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Update Siemens COMOS to V10.5 or later version
- Implement file source validation: Ensure all DGN files imported into COMOS originate from trusted sources and are transmitted over secure channels
- Restrict file execution: Apply principle of least privilege to limit impact of potential exploitation
- Monitor for anomalies: Implement detection for unexpected COMOS process behavior or crashes when handling DGN files
- Review supply chain: Audit DGN file sources in engineering workflows to prevent introduction of malicious files
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-228-08, which references Siemens security advisory SSA-659443. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) confirms local attack vector with user interaction required.
Official resources
- CVE-2023-5180 CVE record (CVE.org)
- CVE-2023-5180 NVD detail (NVD)
- Source item URL (cisa_csaf)
This vulnerability was disclosed through coordinated disclosure via CISA and Siemens. The advisory was published on August 13, 2024, with vendor fixes available at that time.