CISA Advisory ICSA-20-352-03 - PTC Kepware LinkMaster Incorrect Default Permissions Vulnerability (NIST CVE-2020-13535)
As of 17 December 2020, PTC Kepware LinkMaster V3.0.99 is available and resolves this default-permissions vulnerability.
The Cybersecurity & Infrastructure Security Agency's (CISA) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published an advisory for a vulnerability in the default permissions of PTC Kepware LinkMaster Version 3.0.94.0 and prior. How does this affect me? Are patches available?
Reference IDs
CISA: ICSA-20-352-03
NIST: CVE-2020-13535
Full details are available on the CISA website for Advisory # ICSA-20-352-03.
If the LinkMaster server is behind a secure firewall that allows no access to LinkMaster from outside the company network, the attack surface is reduced but not to zero. The remaining exposure is to users who have physical access to the company's computers or networks. Each customer must assess its own risk and security posture and involve its cybersecurity professionals in that assessment; we can answer questions for those parties if needed. In the absence of company standards, users should consider US NIST guidelines.
What will happen if your PTC Kepware LinkMaster is attacked?
For the affected versions, LinkMaster installs with incorrect default permissions, which may grant an attacker the ability to reconfigure the service in any manner desired. HOWEVER, each customer must assess its own risk and security posture and should involve its cybersecurity professionals in that assessment; we can answer questions for those parties if needed.
Successful exploitation of this vulnerability could allow a local attacker to globally overwrite the service configuration to execute arbitrary code with NT SYSTEM privileges.
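The advisory's root cause is write-class access to a SYSTEM service's assets held by low-privilege principals. The following PowerShell audit is an added example and is not code from the advisory, Software Toolbox or PTC. It assumes placeholder values for the install directory (`$InstallPath`) and the Windows service name (`$ServiceName`), which you must replace with the real ones on your LinkMaster host; the list of low-privilege principals and the regex of write-class rights are this example's own choices. It reports any Allow ACE on the install directory or the service's registry key that grants Modify/Write-class rights to Everyone, Users, Authenticated Users or INTERACTIVE, which is the condition a remediated install (V3.0.99, Administrator-only per the vendor) should no longer exhibit.

```powershell
# Added audit example (not from the advisory or the vendor). Flags write-class
# rights held by low-privilege principals on a service's install directory and
# on its registry key. Both parameters below are placeholders (assumptions).
param(
    [string]$InstallPath = 'C:\PLACEHOLDER\LinkMaster',      # placeholder, not the real install path
    [string]$ServiceName = 'PLACEHOLDER_SERVICE_NAME'        # placeholder, not the real service name
)

# Principals that should never hold write-class rights on assets of a service
# running as NT AUTHORITY\SYSTEM (list chosen for this example).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Right names (file system and registry) that permit changing binaries,
# configuration files or service registry values.
$WriteClassRights = 'FullControl|Modify|Write|AppendData|CreateFiles|SetValue|CreateSubKey|ChangePermissions|TakeOwnership|Delete'

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Path not found, skipping: $Path"
        return
    }

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # File system ACEs expose FileSystemRights; registry ACEs expose RegistryRights.
        $rights = if ($null -ne $ace.PSObject.Properties['FileSystemRights']) {
            $ace.FileSystemRights
        } else {
            $ace.RegistryRights
        }
        $identity = $ace.IdentityReference.Value

        # Note: generic rights (e.g. GENERIC_ALL) stringify as a raw number and
        # will not match the regex; review any numeric Rights value manually.
        if ($LowPrivPrincipals -contains $identity -and "$rights" -match $WriteClassRights) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $identity
                Rights    = "$rights"
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Every Windows service has its configuration key under this standard location.
$targets = @(
    $InstallPath,
    "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
)

$findings = foreach ($t in $targets) { Get-WeakAce -Path $t }

if ($findings) {
    Write-Output 'Write-class rights held by low-privilege principals (review and remove):'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No write-class rights for low-privilege principals found on the audited paths.'
}
```

Run it from an elevated PowerShell session on the LinkMaster machine before and after applying the V3.0.99 update; any remaining finding is a deviation from the Administrator-only permission model the vendor describes and should be corrected through your change-management process.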
PTC Kepware LinkMaster Patches Available
Software Toolbox has made available the following update to address this issue; your existing LinkMaster configuration is fully compatible with this updated version. Please verify your current support/maintenance status in the LinkMaster License Utility before downloading and installing the update to confirm eligibility (in the License Details, at the top, the "LinkMaster is eligible for product support and updates until:" date is the one you're looking for).
It is also strongly recommended that you save a copy of your LinkMaster configuration project as a backup prior to updating.
The updated LinkMaster installation requires Administrator permissions by default: to run LinkMaster, the user running the application must be an Administrator, or an Administrator must grant that user Administrator privileges.
Next Steps
Scenarios for updating your LinkMaster will depend on the current state of the support/maintenance agreement for your license on the LinkMaster machine. To confirm your support/maintenance status, launch the LinkMaster License Utility (from the Start Menu under Kepware) and confirm the "LinkMaster is eligible for product support and updates until:" date listed for your license.
For users with licenses covered by a current support/maintenance agreement (i.e., a date in the future):
- You are eligible for the current version.
- It is recommended to download V3.0.99 and upgrade your LinkMaster installation as soon as practically possible, following your company's change management practices.
For users with licenses NOT covered by a current support/maintenance agreement (i.e., a date that is older than March 3, 2017):
- Please contact us for a quotation to reinstate your support/maintenance agreement. Once it is reinstated, you will be able to download V3.0.99.0 and upgrade your LinkMaster installation as soon as practically possible, following your company's change management practices. Please include your serial number, activation ID, or any other information that will help us with your request.
If you have any further questions regarding this bulletin, please submit a support request.