PT-2018-10583 · Siemens · Wincc+1
Published: 2018-08-07 · Updated: 2019-10-09 · CVE-2018-11454
CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V10 through V12
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V13 through V13 SP2 Update 1
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V14 through V14 SP1 Update 5
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) versions V15 through V15 Update 1
Description
The default installation of TIA Portal sets improper file permissions. An attacker with local file system access may be able to manipulate resources, which can then be transferred to devices and executed by a different user. The attacker does not require special privileges, but the victim must transfer the manipulated files to a device. Execution occurs on the target device rather than on the PG device.
Recommendations
For versions V10 through V12, update to a version later than V12.
For version V13, update to V13 SP2 Update 2 or later.
For version V14, update to V14 SP1 Update 6 or later.
For version V15, update to V15 Update 2 or later.
Fix
Incorrect Permission
Incorrect Default Permissions
Affected Products
Simatic Step 7
Wincc