CVE-2018-11454— Siemens SIMATIC STEP 7和WinCC 安全漏洞

N/A

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

N/A

缺省权限不正确

Siemens SIMATIC STEP 7和WinCC 安全漏洞

Siemens SIMATIC STEP 7（TIA Portal）和WinCC（TIA Portal）都是德国西门子（Siemens）公司的产品。Siemens SIMATIC STEP 7（TIA Portal）是一套用于SIMATIC控制器的编程软件。该软件提供PLC编程、设计选件包和先进的驱动器技术等。WinCC（TIA Portal）是一套自动化的数据采集与监控（SCADA）系统。该系统提供过程监视、数据采集等功能。 Siemens SIMATIC STEP 7（TIA Portal）和WinC

N/A

N/A