cnvd - cnvd-2018-19602

cnvd-2018-19602

Vulnerability from cnvd

Title: Siemens SIMATIC STEP 7和WinCC权限管理漏洞

Description:

Siemens SIMATIC STEP 7（TIA Portal）和WinCC（TIA Portal）都是德国西门子（Siemens）公司的产品。Siemens SIMATIC STEP 7（TIA Portal）是一套用于SIMATIC控制器的编程软件。该软件提供PLC编程、设计选件包和先进的驱动器技术等。WinCC（TIA Portal）是一套自动化的数据采集与监控（SCADA）系统。该系统提供过程监视、数据采集等功能。

Siemens SIMATIC STEP 7（TIA Portal）和WinCC（TIA Portal）中存在权限管理漏洞，该漏洞源于在TIA Portal默认安装中未能正确分配文件权限，本地攻击者可利用该漏洞操纵会被传输至设备并被用户执行的资源。

Severity: 高

Patch Name: Siemens SIMATIC STEP 7和WinCC权限管理漏洞的补丁

Patch Description:

Siemens SIMATIC STEP 7（TIA Portal）和WinCC（TIA Portal）中存在权限管理漏洞，该漏洞源于在TIA Portal默认安装中未能正确分配文件权限，本地攻击者可利用该漏洞操纵会被传输至设备并被用户执行的资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Impacted products

Name
['Siemens SIMATIC STEP 7 (TIA Portal) 10', 'Siemens SIMATIC STEP 7 (TIA Portal) 11', 'Siemens SIMATIC STEP 7 (TIA Portal) 12', 'Siemens SIMATIC STEP 7 (TIA Portal) 13', 'Siemens SIMATIC STEP 7 (TIA Portal) 14.，<14 SP1 Update 6', 'Siemens SIMATIC STEP 7 (TIA Portal) 15.，<15 Update 2', 'Siemens WinCC (TIA Portal) 10', 'Siemens WinCC (TIA Portal) 11', 'Siemens WinCC (TIA Portal) 12', 'Siemens WinCC (TIA Portal) 13', 'Siemens WinCC (TIA Portal) 14.，<14 SP1 Update 6', 'Siemens WinCC (TIA Portal) 15.，<15 Update 2']

Name

['Siemens SIMATIC STEP 7 (TIA Portal) 10', 'Siemens SIMATIC STEP 7 (TIA Portal) 11', 'Siemens SIMATIC STEP 7 (TIA Portal) 12', 'Siemens SIMATIC STEP 7 (TIA Portal) 13', 'Siemens SIMATIC STEP 7 (TIA Portal) 14.*，<14 SP1 Update 6', 'Siemens SIMATIC STEP 7 (TIA Portal) 15.*，<15 Update 2', 'Siemens WinCC (TIA Portal) 10', 'Siemens WinCC (TIA Portal) 11', 'Siemens WinCC (TIA Portal) 12', 'Siemens WinCC (TIA Portal) 13', 'Siemens WinCC (TIA Portal) 14.*，<14 SP1 Update 6', 'Siemens WinCC (TIA Portal) 15.*，<15 Update 2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11454"
    }
  },
  "description": "Siemens SIMATIC STEP 7\uff08TIA Portal\uff09\u548cWinCC\uff08TIA Portal\uff09\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC STEP 7\uff08TIA Portal\uff09\u662f\u4e00\u5957\u7528\u4e8eSIMATIC\u63a7\u5236\u5668\u7684\u7f16\u7a0b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9bPLC\u7f16\u7a0b\u3001\u8bbe\u8ba1\u9009\u4ef6\u5305\u548c\u5148\u8fdb\u7684\u9a71\u52a8\u5668\u6280\u672f\u7b49\u3002WinCC\uff08TIA Portal\uff09\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u8fc7\u7a0b\u76d1\u89c6\u3001\u6570\u636e\u91c7\u96c6\u7b49\u529f\u80fd\u3002\r\n\r\nSiemens SIMATIC STEP 7\uff08TIA Portal\uff09\u548cWinCC\uff08TIA Portal\uff09\u4e2d\u5b58\u5728\u6743\u9650\u7ba1\u7406\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728TIA Portal\u9ed8\u8ba4\u5b89\u88c5\u4e2d\u672a\u80fd\u6b63\u786e\u5206\u914d\u6587\u4ef6\u6743\u9650\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u7eb5\u4f1a\u88ab\u4f20\u8f93\u81f3\u8bbe\u5907\u5e76\u88ab\u7528\u6237\u6267\u884c\u7684\u8d44\u6e90\u3002",
  "discovererName": "Younes Dragoni",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19602",
  "openTime": "2018-09-21",
  "patchDescription": "Siemens SIMATIC STEP 7\uff08TIA Portal\uff09\u548cWinCC\uff08TIA Portal\uff09\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC STEP 7\uff08TIA Portal\uff09\u662f\u4e00\u5957\u7528\u4e8eSIMATIC\u63a7\u5236\u5668\u7684\u7f16\u7a0b\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9bPLC\u7f16\u7a0b\u3001\u8bbe\u8ba1\u9009\u4ef6\u5305\u548c\u5148\u8fdb\u7684\u9a71\u52a8\u5668\u6280\u672f\u7b49\u3002WinCC\uff08TIA Portal\uff09\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u8fc7\u7a0b\u76d1\u89c6\u3001\u6570\u636e\u91c7\u96c6\u7b49\u529f\u80fd\u3002\r\n\r\nSiemens SIMATIC STEP 7\uff08TIA Portal\uff09\u548cWinCC\uff08TIA Portal\uff09\u4e2d\u5b58\u5728\u6743\u9650\u7ba1\u7406\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728TIA Portal\u9ed8\u8ba4\u5b89\u88c5\u4e2d\u672a\u80fd\u6b63\u786e\u5206\u914d\u6587\u4ef6\u6743\u9650\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u7eb5\u4f1a\u88ab\u4f20\u8f93\u81f3\u8bbe\u5907\u5e76\u88ab\u7528\u6237\u6267\u884c\u7684\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC STEP 7\u548cWinCC\u6743\u9650\u7ba1\u7406\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC STEP 7 (TIA Portal) 10",
      "Siemens SIMATIC STEP 7 (TIA Portal) 11",
      "Siemens SIMATIC STEP 7 (TIA Portal) 12",
      "Siemens SIMATIC STEP 7 (TIA Portal) 13",
      "Siemens SIMATIC STEP 7 (TIA Portal) 14.*\uff0c\u003c14 SP1 Update 6",
      "Siemens SIMATIC STEP 7 (TIA Portal) 15.*\uff0c\u003c15 Update 2",
      "Siemens WinCC (TIA Portal)  10",
      "Siemens WinCC (TIA Portal)  11",
      "Siemens WinCC (TIA Portal)  12",
      "Siemens WinCC (TIA Portal)  13",
      "Siemens WinCC (TIA Portal)  14.*\uff0c\u003c14 SP1 Update 6",
      "Siemens WinCC (TIA Portal)  15.*\uff0c\u003c15 Update 2"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-09",
  "title": "Siemens SIMATIC STEP 7\u548cWinCC\u6743\u9650\u7ba1\u7406\u6f0f\u6d1e"
}

CVE-2018-11454 (GCVE-0-2018-11454)

Vulnerability from cvelistv5

Published

2018-08-07 15:00

Modified

2024-09-16 18:03

Severity ?

CWE

CWE-276 - Incorrect Default Permissions

Summary

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/105115	vdb-entry, x_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Siemens AG	SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15	Version: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions Version: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2 Version: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6 Version: SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:10:14.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105115",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
            },
            {
              "status": "affected",
              "version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
            },
            {
              "status": "affected",
              "version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
            },
            {
              "status": "affected",
              "version": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
            }
          ]
        }
      ],
      "datePublic": "2018-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T16:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "105115",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "DATE_PUBLIC": "2018-08-07T00:00:00",
          "ID": "CVE-2018-11454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
                          },
                          {
                            "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions \u003c V13 SP2 Update 2"
                          },
                          {
                            "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions \u003c V14 SP1 Update 6"
                          },
                          {
                            "version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions \u003c V15 Update 2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105115",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105115"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-11454",
    "datePublished": "2018-08-07T15:00:00Z",
    "dateReserved": "2018-05-25T00:00:00",
    "dateUpdated": "2024-09-16T18:03:30.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted