Executive Summary
Summary | |
---|---|
Title | Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths |
Information | |||
---|---|---|---|
Name | VU#466044 | First vendor Publication | 2021-02-09 |
Vendor | VU-CERT | Last vendor Modification | 2021-02-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.8 | ||
Base Score | 7.8 | Environmental Score | 7.8 |
Impact SubScore | 5.9 | Temporal Score | 7.8 |
Exploitability Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Overview
Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected as well.

Description
Siemens TIA runs a privileged Node.js component. The Node.js server fails to properly set the module search path. Because of this, Node.js will look for modules in the

Impact
By placing a specially-crafted JS file in the

Solution
Apply an update
This issue is addressed in TIA Administrator V1.0 SP2 Upd2. PCS neo administration console users should apply the mitigations described in Industrial Security in SIMATIC PCS neo. For more details see Siemens Security Advisory SSA-428051.

Acknowledgements
This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
Original Source
Url : https://kb.cert.org/vuls/id/466044 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-427 | Uncontrolled Search Path Element |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 3 |
Alert History
Date | Information |
---|---|
2021-09-23 17:17:47 |
|
2021-02-13 05:29:15 |
|
2021-02-09 21:29:36 |
|
2021-02-09 17:17:37 |
|