Local Privilege Escalation Vulnerability in TIA Portal
Plan Patch · 7.8 · SSA-629512 · Jan 14, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A local privilege escalation vulnerability in TIA Portal allows a user with a standard Windows account to execute arbitrary code with SYSTEM privileges. The vulnerability stems from improper file permissions. Siemens has released updates for V15, V16, and V17. Note: Initial patches only correctly set permissions on English Windows versions; users with non-English Windows should verify fix status. TIA Portal V14 is end-of-life with no fix planned.
What this means
What could happen
An attacker with local access to a system running TIA Portal could escalate their privileges to run commands as SYSTEM, potentially allowing them to modify PLC programs, steal engineering credentials, or disrupt engineering workstations used to manage your control systems.
Who's at risk
Engineering teams and control system integrators using TIA Portal on Windows workstations. This affects anyone who uses Siemens TIA Portal to program and maintain S7-1200, S7-1500, or other Siemens PLCs and automation equipment. TIA Portal versions 14, 15, 16, and 17 are in scope.
How it could be exploited
An attacker with a standard user account on a Windows machine running TIA Portal could exploit a file permissions flaw to escalate their privileges to SYSTEM level, gaining the ability to execute arbitrary code with the highest Windows privileges and access sensitive engineering data.
Prerequisites
- Local user account on a Windows machine running vulnerable TIA Portal
- No authentication bypass required—exploits existing user privilege level
- Local privilege escalation vulnerability
- Affects engineering workstations directly connected to PLCs
- Potential path to PLC program modification
- Access to engineering credentials and project files
- TIA Portal V14 has no fix available—requires migration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
3 with fix, 1 EOL
Product | Affected Versions | Fix Status
TIA Portal V15 | < V15.1 Update 7 | 15.1 Update 7
TIA Portal V16 | < V16 Update 6 | 16 Update 6
TIA Portal V17 | < V17 Update 4 | 17 Update 4
TIA Portal V14 | All versions | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
TIA Portal V15
HOTFIX: Update TIA Portal V15 to version 15.1 Update 7 or later
TIA Portal V16
HOTFIX: Update TIA Portal V16 to version 16 Update 6 or later
TIA Portal V17
HOTFIX: Update TIA Portal V17 to version 17 Update 4 or later
Long-term hardening
TIA Portal V14
HOTFIX: Discontinue use of TIA Portal V14 and migrate to a supported version, as no patch is available for this end-of-life product
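
The Summary notes that the initial patches set permissions correctly only on English Windows, so a non-English workstation needs its ACLs checked after updating. One way to run that check, as an added PowerShell example (not Siemens' or this page's code): it matches low-privileged groups by well-known SID, and the `-Path` value, the group list and the set of rights treated as write access are assumptions of this example, since the page does not name the affected directory.

```powershell
# Added example: locale-independent ACL audit for a TIA Portal directory.
# The directory is NOT named on this page; pass the path from the vendor advisory.
param(
    [Parameter(Mandatory)] [string] $Path   # placeholder supplied by the operator
)

# Well-known SIDs for low-privileged groups. SIDs are the same on every Windows
# display language, unlike account names, which are localized.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow planting or replacing files, or rewriting the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$mask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Request SIDs rather than translated (localized) account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $lowPrivSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $mask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $lowPrivSids[$sid]
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) ACE(s) grant write-type access to standard-user groups."
    exit 1
}
Write-Output "No write-type ACEs for standard-user groups under $Path."
```

Run it from an elevated prompt after installing the update; a non-zero exit code means at least one file or folder under the path is still writable by standard users.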
CVEs (1)
API:
/api/v1/advisories/fb276e5b-ec66-4b30-b11f-b045e44cdc69