PT-2015-10: Privilege Gaining in Siemens SIMATIC STEP 7 (TIA Portal) Vulnerable softwareSiemens SIMATIC STEP 7 (TIA Portal) Version: 13 and earlierLink: http://www.siemens.com/Severity levelSeverity level: Low Impact: Privilege Gaining Access Vector: Local CVSS v2: Base Score: 2.6 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N)CVE: CVE-2015-1356Software descriptionSiemens SIMATIC STEP 7 (TIA Portal) is an engineering software to configure and program SIMATIC controllers and Standard PCs running WinAC RTX.Vulnerability descriptionThe specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC STEP 7 (TIA Portal).Vulnerability exists in TIA Portal due to improper integrity protection of project-file fields containing user’s privileges, which allows attackers to modify user permissions by manipulating project files.How to fixUpdate your sofware up to the latest versionAdvisory status 21.09.2012 - Vendor gets vulnerability details 13.02.2015 - Vendor releases fixed version and details 25.02.2015 - Public disclosureCreditsThe vulnerability was detected by Alexander Timorin, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2015-10 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/