Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal)
Monitor | 4.2 | SSA-887801 | Dec 12, 2023
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
Information disclosure vulnerability in SIMATIC STEP 7 (TIA Portal) versions prior to V19. A local attacker with high privilege level on an engineering workstation could extract the access level password for SIMATIC S7-1200 and S7-1500 CPUs when the password is entered during hardware configuration. The extracted password could enable unauthorized remote access to the PLC.
What this means
What could happen
A local attacker with access to an engineering workstation could steal the access level password for S7-1200 and S7-1500 PLCs during hardware configuration, allowing unauthorized remote access to modify PLC settings and logic.
Who's at risk
Water and electric utilities operating Siemens S7-1200 or S7-1500 programmable logic controllers (PLCs) that use STEP 7 TIA Portal for engineering and configuration are affected. Risk is highest at facilities where engineering workstations are shared or otherwise exposed to elevated local-access risk.
How it could be exploited
An attacker with local access to the engineering workstation monitors password entry or memory during hardware configuration of SIMATIC CPUs. Once the password is obtained, it can be used to authenticate to the PLC remotely and modify control logic or setpoints.
Prerequisites
- Local access to the engineering workstation running STEP 7 TIA Portal
- High privilege level on the workstation (PR:H rating)
- Observation or interception of password entry during legitimate hardware configuration activity
- Local access required (not remotely exploitable)
- High privilege account needed
- Affects PLC authentication mechanism
- Default credentials not involved
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC STEP 7 (TIA Portal) | <V19 | 19
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIMATIC STEP 7 (TIA Portal) to version 19 or later
CVEs (1)