ID

VAR-201808-0744


CVE

CVE-2018-11454


TITLE

SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009208

DESCRIPTION

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks

Trust: 2.7

sources: NVD: CVE-2018-11454 // JVNDB: JVNDB-2018-009208 // CNVD: CNVD-2018-19602 // BID: 105115 // IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1 // VULHUB: VHN-121315

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1 // CNVD: CNVD-2018-19602

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc \scope:eqversion:14.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:14.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:15.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:12.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:11.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:15.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:10.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:11.0

Trust: 1.0

vendor:siemensmodel:simatic step 7 \scope:eqversion:10.0

Trust: 1.0

vendor:siemensmodel:simatic step 7 \scope:eqversion:12.0

Trust: 1.0

vendor:siemensmodel:simatic step 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic stepscope:eqversion:710

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:711

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:712

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:713

Trust: 0.6

vendor:siemensmodel:simatic step sp1 updatescope:eqversion:714.*<146

Trust: 0.6

vendor:siemensmodel:simatic step updatescope:eqversion:715.*<152

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:10

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:11

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:12

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:13

Trust: 0.6

vendor:siemensmodel:wincc sp1 updatescope:eqversion:14.*<146

Trust: 0.6

vendor:siemensmodel:wincc updatescope:eqversion:15.*<152

Trust: 0.6

vendor:simatic step 7 tia portalmodel: - scope:eqversion:13.0

Trust: 0.4

vendor:siemensmodel:simatic winccscope:eqversion:v120

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v110

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v15

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v13

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v11

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v10

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v14

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v13

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v12

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v15

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v11

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v10

Trust: 0.3

vendor:simatic step 7 tia portalmodel: - scope:eqversion:10.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:11.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:12.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:10.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:11.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:12.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

sources: IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1 // CNVD: CNVD-2018-19602 // BID: 105115 // JVNDB: JVNDB-2018-009208 // CNNVD: CNNVD-201808-240 // NVD: CVE-2018-11454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11454
value: HIGH

Trust: 1.0

NVD: CVE-2018-11454
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-19602
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-240
value: HIGH

Trust: 0.6

IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-121315
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11454
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-19602
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-121315
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11454
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1 // CNVD: CNVD-2018-19602 // VULHUB: VHN-121315 // JVNDB: JVNDB-2018-009208 // CNNVD: CNNVD-201808-240 // NVD: CVE-2018-11454

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-121315 // JVNDB: JVNDB-2018-009208 // NVD: CVE-2018-11454

THREAT TYPE

local

Trust: 0.9

sources: BID: 105115 // CNNVD: CNNVD-201808-240

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-240

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009208

PATCH

title:SSA-979106url:https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC STEP 7 and WinCC Rights Management Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/140875

Trust: 0.6

title:Siemens SIMATIC STEP 7 and WinCC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83959

Trust: 0.6

sources: CNVD: CNVD-2018-19602 // JVNDB: JVNDB-2018-009208 // CNNVD: CNNVD-201808-240

EXTERNAL IDS

db:NVDid:CVE-2018-11454

Trust: 3.6

db:SIEMENSid:SSA-979106

Trust: 2.3

db:BIDid:105115

Trust: 2.0

db:ICS CERTid:ICSA-18-226-01

Trust: 1.1

db:CNNVDid:CNNVD-201808-240

Trust: 0.9

db:CNVDid:CNVD-2018-19602

Trust: 0.8

db:JVNDBid:JVNDB-2018-009208

Trust: 0.8

db:IVDid:E2FC30C0-39AB-11E9-8AE0-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-121315

Trust: 0.1

sources: IVD: e2fc30c0-39ab-11e9-8ae0-000c29342cb1 // CNVD: CNVD-2018-19602 // VULHUB: VHN-121315 // BID: 105115 // JVNDB: JVNDB-2018-009208 // CNNVD: CNNVD-201808-240 // NVD: CVE-2018-11454

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/105115

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-226-01

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11454

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11454

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-19602 // VULHUB: VHN-121315 // BID: 105115 // JVNDB: JVNDB-2018-009208 // CNNVD: CNNVD-201808-240 // NVD: CVE-2018-11454

CREDITS

Younes Dragoni from Nozomi Networks.

Trust: 0.3

sources: BID: 105115

SOURCES

db:IVDid:e2fc30c0-39ab-11e9-8ae0-000c29342cb1
db:CNVDid:CNVD-2018-19602
db:VULHUBid:VHN-121315
db:BIDid:105115
db:JVNDBid:JVNDB-2018-009208
db:CNNVDid:CNNVD-201808-240
db:NVDid:CVE-2018-11454

LAST UPDATE DATE

2024-11-23T22:30:18.527000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-19602date:2018-09-21T00:00:00
db:VULHUBid:VHN-121315date:2019-10-09T00:00:00
db:BIDid:105115date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009208date:2019-01-08T00:00:00
db:CNNVDid:CNNVD-201808-240date:2019-10-17T00:00:00
db:NVDid:CVE-2018-11454date:2024-11-21T03:43:24.100

SOURCES RELEASE DATE

db:IVDid:e2fc30c0-39ab-11e9-8ae0-000c29342cb1date:2018-09-21T00:00:00
db:CNVDid:CNVD-2018-19602date:2018-09-21T00:00:00
db:VULHUBid:VHN-121315date:2018-08-07T00:00:00
db:BIDid:105115date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009208date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-240date:2018-08-08T00:00:00
db:NVDid:CVE-2018-11454date:2018-08-07T15:29:00.373