Arbitrary Code Execution Vulnerability in TIA Portal by Siemens
CVE-2019-10934
7.8 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 16 January 2020
Summary
A security vulnerability has been detected in multiple versions of TIA Portal software from Siemens. This flaw allows attackers, with valid account access and limited rights, to manipulate a configuration file in a way that could lead to the execution of arbitrary code with SYSTEM privileges. Exploitation requires no user interaction, posing a significant risk to systems utilizing affected versions of TIA Portal. At the time of publication, there were no known public exploits for this vulnerability.
Affected Version(s)
- TIA Portal V14: All versions
- TIA Portal V15: All versions < V15.1 Update 7
- TIA Portal V16: All versions < V16 Update 6
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved