Siemens released an update and provides workarounds and mitigations until the update can be applied for a missing authentication vulnerability in its TIA Administrator, according to a report from Siemens ProductCERT.
The vulnerability, discovered by Joseph Bingham from Tenable, could allow local users to execute arbitrary application commands without proper authentication.
The issue affects the TIA Administrator, all versions before V1.0 SP1 Upd1, the remediation is to update to V1.0 SP1 Upd1.
SIMATIC WinCC (TIA Portal) is an engineering software to configure and program SIMATIC Panels, SIMATIC Industrial PCs, and Standard PCs running WinCC Runtime Advanced or SCADA System WinCC Runtime Professional visualization software.
The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication.
The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.
The vulnerability has a case number of CVE-2019-10915 and it has a CVSS v3.0 Base Score of 8.0.
Siemens has identified the following specific workarounds and mitigations: Restrict access to port 8888/tcp to localhost (default).
As a general security measure, Siemens recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security, and to follow the recommendations in the product manuals.
Click here for additional information on Industrial Security by Siemens.