Vulnerability Allows Command Execution in TIA Administrator by Siemens
CVE-2019-10915

7.8HIGH

Key Information:

Vendor
Siemens Ag
Status
Tia Administrator
Vendor
CVE Published:
11 July 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability in TIA Administrator permits execution of specific application commands without appropriate authentication, impacting all versions prior to V1.0 SP1 Upd1. This flaw enables an attacker with local access to execute commands without requiring privileges or user interaction. Consequently, this can lead to potential compromises of the system's confidentiality, integrity, and availability. As of the advisory's release, there were no known public exploits of this security issue.

Affected Version(s)

TIA Administrator All versions < V1.0 SP1 Upd1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-10915
Created by jiansiting

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72129...
x_refsource_MISC
http://www.securityfocus.com/bid/109124
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-83488...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.