Siemens SIMATIC PCS7 < V9.1 and TIA Portal < 15.2 Unrestricted Upload of File with Dangerous Type (ICSA-19-192-02)

Medium Nessus Network Monitor Plugin ID 720309

Synopsis

A remotely exploitable Unrestricted Upload of File with Dangerous Type vulnerability has been identified in SIMATIC PCS7 v8 through v9.0, SIMATIC WinCC (TIA Portal) v14 through v15.1.

Description

The SIMATIC WinCC DataMonitor web application of the affected products allows an authenticated user with network access to the WinCC DataMonitor application to upload arbitrary ASPX code. Successful exploitation requires no user interaction and may impact the confidentiality, integrity, and availability of the affected device. The vulnerability is relevant only in situations where an attacker has access via the web interface but not to the directory structure.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

https://www.us-cert.gov/ics/advisories/icsa-19-192-02

Plugin Details

Severity: Medium

ID: 720309

Family: SCADA

Published: 2019/10/28

Updated: 2019/10/28

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2019/10/10

Vulnerability Publication Date: 2019/07/11

Reference Information

CVE: CVE-2019-10935