Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities
Low Risk | 2.5 | ICS-CERT ICSA-16-287-03 | Jul 17, 2016
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
SIMATIC STEP 7 (TIA Portal) versions prior to V14 contain information disclosure vulnerabilities related to weak encryption (CWE-326) and improper access control (CWE-200). An attacker with local access and low-privilege credentials could read sensitive information such as encryption keys, configuration data, or other protected content from the engineering workstation. This does not allow remote access, modification of control logic, or disruption of industrial operations.
What this means
What could happen
An attacker with local access and low-privilege credentials could read sensitive information from the engineering workstation, such as encryption keys or configuration data, but cannot modify systems or halt operations.
Who's at risk
This affects Siemens SIMATIC STEP 7 (TIA Portal) engineering workstations used by control system engineers and technicians to program and configure industrial automation systems. Organizations using STEP 7 for PLC, HMI, and SCADA programming should evaluate their environment.
How it could be exploited
An attacker must have local logon access to the engineering workstation running SIMATIC STEP 7 TIA Portal. They then exploit a weakness in the encryption or data storage mechanisms to read sensitive information from configuration files or memory that should be protected.
Prerequisites
- Local logon access to the engineering workstation
- Low-privilege user account on the workstation
- SIMATIC STEP 7 (TIA Portal) version prior to V14 installed
- Local access required (not remotely exploitable)
- Requires low-privilege credentials
- No patch currently available
- Low CVSS score indicates limited immediate risk
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC STEP 7 (TIA Portal): <V14 | <V14 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Protect the engineering workstation with physical security controls and endpoint security tools to prevent unauthorized local access
Long-term hardening
HOTFIX: Upgrade SIMATIC STEP 7 (TIA Portal) to V14 or later if a fixed version becomes available through Siemens
Mitigations - no patch available
SIMATIC STEP 7 (TIA Portal): <V14 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict local logon access to engineering workstations to authorized personnel only; implement strong access controls and audit logon attempts
CVEs (2)