Vulnerability identifier: #VU28936
Vulnerability risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-428
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
SIMATIC Automation Tool (Server applications / Other server solutions)
SINEMA Server (Server applications / Other server solutions)
SIMATIC NET PC Software (Server applications / SCADA systems)
SIMATIC PCS 7 (Server applications / SCADA systems)
SIMATIC S7-1500 Software Controller (Server applications / SCADA systems)
SIMATIC STEP 7 (Server applications / SCADA systems)
SIMATIC STEP 7 (TIA Portal) (Server applications / SCADA systems)
SIMATIC WinCC OA (Server applications / SCADA systems)
SIMATIC WinCC Runtime Professional (Server applications / SCADA systems)
Siemens SIMATIC WinCC (Server applications / SCADA systems)
SINUMERIK ONE virtual (Server applications / SCADA systems)
SINUMERIK Operate (Server applications / SCADA systems)
SIMATIC PCS neo (Web applications / Other software)
SIMATIC ProSave (Client/Desktop applications / Other client software)
SINAMICS Startdrive (Client/Desktop applications / Other client software)
SINEC NMS (Server applications / Remote management servers, RDP, SSH)
Vendor: Siemens
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists because a component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. A local administrator can execute arbitrary code with SYSTEM level privileges.
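A defender can audit for this class of weakness (CWE-428) by checking exported service or scheduled-task command lines for executable paths that contain spaces but are not quoted. The following is an added example, not code from the vendor or from this advisory; the sample command lines, entry names and the list of executable extensions are constructed assumptions.

```python
import re

# Assumption: the called helper is an .exe, .com, .bat or .cmd file.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_unquoted(cmdline):
    """Split an unquoted command line into (executable path, arguments).
    Returns None when no executable extension can be located."""
    m = _EXE_END.search(cmdline)
    if not m:
        return None
    return cmdline[:m.end()], cmdline[m.end():].strip()

def is_unquoted_with_space(cmdline):
    """True when the executable path contains whitespace and is not quoted."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return False  # path is already quoted
    parts = split_unquoted(cmdline)
    return parts is not None and any(c.isspace() for c in parts[0])

def quoted_form(cmdline):
    """Return the command line with the executable path wrapped in quotes."""
    cmdline = cmdline.strip()
    if not is_unquoted_with_space(cmdline):
        return cmdline
    path, args = split_unquoted(cmdline)
    return f'"{path}"' + (f" {args}" if args else "")

def audit(entries):
    """Return (name, corrected command line) for every flagged entry."""
    return [(name, quoted_form(cmd)) for name, cmd in entries
            if is_unquoted_with_space(cmd)]

# Constructed sample data (hypothetical names and paths, not from the advisory).
SAMPLE = [
    ("svc-a", r"C:\Program Files\Example Vendor\helper.exe -k run"),    # flagged
    ("svc-b", r'"C:\Program Files\Example Vendor\helper.exe" -k run'),  # quoted
    ("svc-c", r"C:\Tools\helper.exe --config C:\My Data\cfg.ini"),      # space only in args
    ("svc-d", r"C:\Windows\system32\svchost.exe"),                      # no space
]

if __name__ == "__main__":
    for name, fixed in audit(SAMPLE):
        print(f"{name}: unquoted path with spaces; quoted form: {fixed}")
```
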
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
SIMATIC Automation Tool: All versions
SIMATIC NET PC Software: 16
SIMATIC PCS 7: All versions
SIMATIC PCS neo: All versions
SIMATIC ProSave: All versions
SIMATIC S7-1500 Software Controller: All versions
SIMATIC STEP 7: All versions
SIMATIC STEP 7 (TIA Portal): 13.0 - 16.0
SIMATIC WinCC OA: All versions
SIMATIC WinCC Runtime Professional: 13.0 - 16.0
Siemens SIMATIC WinCC: All versions
SINAMICS Startdrive: All versions
SINEC NMS: All versions
SINEMA Server: All versions
SINUMERIK ONE virtual: All versions
SINUMERIK Operate: All versions
External links
http://ics-cert.us-cert.gov/advisories/icsa-20-161-04
http://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.