Main Vulnerability Database Vulnerabilities #VU14416

Privilege escalation in SIMATIC WinCC (TIA Portal) and SIMATIC STEP 7 (TIA Portal) - CVE-2018-11454

Published: August 15, 2018

Vulnerability identifier: #VU14416

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11454

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Siemens

Affected software:
SIMATIC WinCC (TIA Portal)
SIMATIC STEP 7 (TIA Portal)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper file permissions in the default installation of TIA Portal. A local unauthenticated attacker can transfer the manipulated files to a device and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-11454

Install update from vendor's website.

Sources

https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Privilege escalation in SIMATIC WinCC (TIA Portal) and SIMATIC STEP 7 (TIA Portal) - CVE-2018-11454

Detailed vulnerability description

How to mitigate CVE-2018-11454

Sources

Please verify you're human