Tia Portal V13 Sp1 Update 4th

Tia Portal V13 Sp1 Update 4th
Tia Portal V13 Sp1 Torrent
Tia Portal V13 Sp1 Update 4th Grade

1. EXECUTIVE SUMMARY

ATTENTION: Exploitable locally/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal)
Vulnerabilities: Incorrect Default Permissions

2. UPDATE INFORMATION

This updated advisory is a follow-up to the original advisory titled ICSA-18-226-01 Siemens SIMATIC STEP 7 and SIMATIC WinCC that was published August 14, 2018, on the NCCIC/ICS-CERT website.

WinCC (TIA Portal) V13 SP1 2.2.2 Components used The following components were used to create the application: Hardware components Table 2-1 Component Qty Article number Note SIMATIC CPU 1513-1 PN 1 6ES7513-1AL01-0AB0 Not relevant for user administration in WinCC (TIA Portal). Memory card 24 MB 2 6ES7954 -8FL02 -0AA0 SIMATIC HMI. Tia Portal V13 Sp1 4 Update 4 E; Tia Portal V13 Sp1 4 Update 4 E. Guarda io lo sto usando da qualche giorno con update 4 e non da alcun problema. Tia Portal 13 Sp1 Update4 - Step(Tia) - PLC Forum Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow an attacker with local file write access to manipulate files and cause a denial-of-service-condition, or execute code both on the manipulated installation as well as devices configured using the manipulated installation.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

Siemens reports these vulnerabilities affect the following SIMATIC STEP 7 products:

SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v10, v11, v12: All versions,

--------- Begin Update A Part 1 of 2 --------

SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v13: All versions prior to v13 SP2 Update 2,

SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v14: All versions < v14 SP1 Update 6, and
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v15: All versions < v15 Update 2.

4.2 VULNERABILITY OVERVIEW

4.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files, which may prevent TIA Portal startup (denial-of-service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.

CVE-2018-11453 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

4.2.2 INCORRECT DEFAULT PERMISSIONS CWE-276

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources, which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

CVE-2018-11454 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

4.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Germany

4.4 RESEARCHER

Younes Dragoni from Nozomi Networks reported these vulnerabilities to NCCIC.

5. MITIGATIONS

--------- Begin Update A Part 2 of 2 --------

Siemens recommends users of SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v10, v11, or v12 upgrade to v13 SP2 Update 2 to resolve these vulnerabilities:

Siemens recommends users of SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) v13, v14, or v15 update to the following versions to resolve these vulnerabilities:

v13 SP2 Update 2

v14 SP1 Update 6

v15 Update 2

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:

Restrict operating system access to authorized personnel.
Validate GSD files for legitimacy and process GSD files only from trusted sources.

Siemens strongly recommends users protect network access to devices with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security:

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-979106 at the following location:

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

Contact Information

For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report

CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.

Siemens Industry Inc. has announced the release of Update 7 for the TIA Portal Step 7 V13 SP1 and WinCC V13 SP1. The new features of Update 7 include:

For TIA Portal Step 7 V13 SP1:

Changing set points with STRING data type in the online mode is now also possible when they have a higher character value than ~, e.g., ä, ö, ü.
The scanning of accessible devices has been stabilized for online access.
The assignment of a structured Input/Output/InOut to a local ANY pointer is permitted in FCs, as well as in SCL for the S7-1500 series controllers.
Continued improvement to the stability of TIA Portal.

For TIA Portal WinCC V13 SP1:

The display and operability of screen objects in Runtime for Slide-in Screens and System diagnostic view have been improved.
The name of the tag is always displayed correctly in system event for the alarm that provides information for a limit violation of a tag.
Runtime professional communication with the S7-1200, S7-1500, and between OPC server/clients has been improved for Runtime Professional.
Improvement for the Basic Panels with this update, including:
- Runtime improvement when a password is changed
- Improvement of the alarm view
- Improvement of the importing and exporting of recipes
- Improvement of trend view behavior
- Improvement of bit-based evaluation of text list and graphics lists
Improvement for the Comfort Panel with this update, including:
- Runtime improvement when a password is changed
- Sporadically occurring system time jumps are suppressed
- Performance for the “ActivateCleanScreen” works correctly
- The restart, when used in conjunction with a USB stick, has been improved
The operability of multi-touch devices has been improved.
Access to the SD card using “File Browse” has been corrected when using Web Server or Runtime Advance and the Panels.
For WinCC DataMonitor, the display of Excel workbooks has been improved.