Vulnerability in SIMATIC STEP 7 and WinCC by Siemens
CVE-2018-11453
Key Information:
Summary
A vulnerability has been discovered in SIMATIC STEP 7 and WinCC software from Siemens that arises from improper file permissions in the default installation of TIA Portal. This flaw allows an attacker, already having access to the local file system, to introduce specially crafted files. Such manipulation can lead to Denial-of-Service situations, preventing TIA Portal from starting properly, or it may facilitate local code execution. Importantly, no special privileges are required, but the affected user must attempt to launch TIA Portal after the files have been altered.
Affected Version(s)
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2 < SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions V13 SP2 Update 2
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6 < SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions V14 SP1 Update 6
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved