CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
79.9%
Siemens SIMATIC STEP 7 (TIA Portal)
Version: 13 and earlier
Link:
http://www.siemens.com/
Severity level: Low
Impact: Privilege Gaining
Access Vector: Local
CVSS v2:
Base Score: 2.6
Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N)
CVE: CVE-2015-1356
Siemens SIMATIC STEP 7 (TIA Portal) is an engineering software to configure and program SIMATIC controllers and Standard PCs running WinAC RTX.
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC STEP 7 (TIA Portal).
Vulnerability exists in TIA Portal due to improper integrity protection of project-file fields containing userβs privileges, which allows attackers to modify user permissions by manipulating project files.
Update your sofware up to the latest version
21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
The vulnerability was detected by Alexander Timorin, Positive Research Center (Positive Technologies Company)
<http://en.securitylab.ru/lab/PT-2015-10>
<http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf>[](<https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02>)
Reports on the vulnerabilities previously discovered by Positive Research:
<http://www.ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>