CVE-2018-11453 & CVE-2018-11454: Siemens High Risk Vulnerability Alert

Recently, Siemens issued an official notice stating that there are two high-risk vulnerabilities (CVE-2018-11453, CVE-2018-11454) in the TIA Portal (Totally Integrated Automation Portal) software used in its SIMATIC STEP7 and WinCC products.

Affected version

Vulnerability Overview

• CVE-2018-11453

CVSS v3.0 Base Score 7.8
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file
system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service)
or lead to local code execution. No special privileges are required, but the victim needs to attempt to
start TIA Portal after the manipulation.
At the time of advisory publication no public exploitation of this security vulnerability was known.

• CVE-2018-11454

CVSS v3.0 Base Score 8.6
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file
system access to manipulate ressources which may be transferred to devices and executed there by
a different user. No special privileges are required, but the victim needs to transfer the manipulated
files to a device. Execution is caused on the target device rather than on the PG device.
At the time of advisory publication no public exploitation of this security vulnerability was known.

Solution

The official patch has been released by Siemens to fix the high vulnerability, which is summarized as follows:

• For the SIMATIC STEP 7 and WinCC (TIA Portal) V10, V11, V12, V13, please take the following circumvention measures:
  1. Ensure that only authorized personnel have access to the operating system
  2. Verify the legality of GCD files and only process GSD files from trusted sources
• SIMATIC STEP 7 and WinCC (TIA Portal) V14 users, please upgrade to V14 SP1 Update 6 for protection. Download the patch here.
• SIMATIC STEP 7 and WinCC (TIA Portal) V15 users should upgrade to V15 Update 2 or higher for protection. Download the patch here