Privilege Escalation Vulnerability in TIA Administrator
Plan Patch | 7.8 | SSA-428051 | Feb 9, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A privilege escalation vulnerability in TIA Administrator allows local users to escalate privileges and execute code as the local SYSTEM user. The vulnerability affects PCS neo Administration Console versions prior to V3.1 and TIA Portal versions V15, V15.1, and V16. Siemens has released updates for PCS neo and TIA Administrator, but TIA Portal versions V15, V15.1, and V16 have no patch available.
What this means
What could happen
A local user with standard privileges on an engineering workstation could escalate to SYSTEM-level access and run arbitrary code, potentially allowing them to modify PLC logic, project files, or steal control system configurations.
Who's at risk
Engineering teams and system integrators using Siemens TIA Portal and PCS neo Administration Console on workstations. Affects anyone deploying or maintaining Siemens S7 PLCs, TIA Portal projects, or PCS neo control systems.
How it could be exploited
An attacker with local access to an engineering workstation running TIA Portal or PCS neo could exploit this privilege escalation vulnerability in the TIA Administrator component to gain SYSTEM-level access without user interaction, then use that elevated access to run commands that modify or exfiltrate project files and control logic.
Prerequisites
- Local access to engineering workstation running TIA Portal or PCS neo
- Standard (non-administrator) user account on the workstation
- Local exploitation only (not remotely exploitable)
- Low complexity attack
- Low privilege required (standard user)
- Affects engineering/administrative systems
- TIA Portal V15/V15.1/V16 have no patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
1 with fix, 1 pending
Product | Affected Versions | Fix Status
PCS neo (Administration Console) | < V3.1 | 3.1
TIA Portal | V15, V15.1 and V16 | No fix yet
Remediation & Mitigation
Do now
TIA Portal
WORKAROUND: For TIA Portal V15, V15.1, and V16 (no patch available): restrict local workstation access to engineering staff with proven need; monitor command execution on engineering workstations for suspicious SYSTEM-level processes
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
PCS neo (Administration Console)
HOTFIX: Update PCS neo Administration Console to version 3.1 or later
All products
HOTFIX: Update TIA Administrator to version 1.0 SP2 Upd2 or later
Long-term hardening
HARDENING: Implement access controls and monitoring on engineering workstations to detect privilege escalation attempts and unauthorized code execution
CVEs (1)