PT-2015-10: Privilege Gaining in Siemens SIMATIC STEP 7 (TIA Portal)
Siemens SIMATIC STEP 7 (TIA Portal)
Version: 13 and earlier
Severity level: Low
Impact: Privilege Gaining
Access Vector: Local
Base Score: 2.6
Siemens SIMATIC STEP 7 (TIA Portal) is an engineering software to configure and program SIMATIC controllers and Standard PCs running WinAC RTX.
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC STEP 7 (TIA Portal).
Vulnerability exists in TIA Portal due to improper integrity protection of project-file fields containing user’s privileges, which allows attackers to modify user permissions by manipulating project files.
How to fix
Update your sofware up to the latest version
21.09.2012 - Vendor gets vulnerability details
13.02.2015 - Vendor releases fixed version and details
25.02.2015 - Public disclosure
The vulnerability was detected by Alexander Timorin, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: