File Permission Vulnerability in Siemens SIMATIC STEP 7 and WinCC Products
CVE-2018-11454
Summary
A vulnerability exists in the default installation of Siemens SIMATIC STEP 7 and WinCC (TIA Portal) that stems from improper file permissions. This flaw could allow an attacker with local file system access to manipulate files that may be transferred to various devices. Though no special privileges are necessary for the attacker, successful exploitation requires the victim to inadvertently transfer the altered files onto a device where they can be executed by another user. Execution occurs on the target device, posing a significant security risk.
Affected Version(s)
Products: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12: All versions
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13: All versions < V13 SP2 Update 2
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14: All versions < V14 SP1 Update 6