DIFFICULTYĬrafting a working exploit for these vulnerabilities would be difficult. No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely without local user interaction. A CVSS v2 base score of 2.6 has been assigned the CVSS vector string is (AV:L/AC:H/Au:N/C:P/I:P/A:N). If unsuspecting users are tricked to download the manipulated project file to the device, the user permissions become active. Attackers with access to the project file could possibly read and modify the permissions for device users in the project file. Privilege information for device users is stored unprotected in the TIA Portal project file. PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS d VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW Siemens estimates that these products are used primarily in the United States and Europe with a small percentage in Asia.
Simatic step 7 tia portal software#
This software is deployed across several sectors including Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems. The affected product, SIMATIC STEP 7 TIA Portal, is engineering software for SIMATIC products. Siemens is a multinational company headquartered in Munich, Germany.
NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. SIMATIC STEP 7 TIA Portal: All versions prior to V13 SP1Ī local user who is tricked into exploiting these vulnerabilities could possibly escalate privileges for an attacker.The following Siemens products are affected: Siemens has produced a service pack that mitigates these vulnerabilities. Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application.
0 kommentar(er)
