PT-2018-10582 · Siemens · Wincc+1

Published: 2018-08-07 · Updated: 2019-10-09 · CVE-2018-11453

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V10 through V12
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V13 through V13 SP1 Update 2
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V14 through V14 SP1 Update 5
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V15 through V15 Update 1

Description

A vulnerability has been identified due to improper file permissions in the default installation of TIA Portal. This may allow an attacker with local file system access to insert specially crafted files, potentially preventing TIA Portal startup or leading to local code execution. The attacker does not require special privileges, but the victim must attempt to start TIA Portal after the manipulation.

Recommendations

For versions V10 through V12, update to a version later than V12.
For versions V13 through V13 SP1 Update 2, update to V13 SP2 Update 2 or later.
For versions V14 through V14 SP1 Update 5, update to V14 SP1 Update 6 or later.
For versions V15 through V15 Update 1, update to V15 Update 2 or later.

Fix

Incorrect Permission

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

CVE-2018-11453

Affected Products

Simatic Step 7
Wincc