siemens simatic-step-7-tia-portal CVE-2018-11454 vulnerability in Siemens Products
Published on August 7, 2018

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

NVD

Weakness Type

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.


Products Associated with CVE-2018-11454

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-11454 are published in these products:

Siemens Simatic Step 7 Tia Portal
 
Siemens Simatic Wincc Tia Portal
 

Affected Versions

Siemens AG SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15:

Exploit Probability

EPSS
0.06%
Percentile
17.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.