Simatic Step 7 Tia Portal
CVE-2018-11454
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.
AnalysisAI
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. Affected products include: Siemens Simatic Step 7 \(Tia Portal\), Siemens Simatic Wincc \(Tia Portal\).
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Simatic Step 7 Tia Portal
View allA vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions),
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerabil
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Rated medium severity (CVSS 5
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today