Detections
Analytics
Siemens TIA Portal 13 Arbitrary File Read
medium Nessus Network Monitor Plugin ID 720204
Synopsis
Siemens TIA Portal allows remote attackers to read arbitrary files via crafted packets.Description
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-134508.pdf
Plugin Details
Severity: Medium
ID: 720204
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Patch Publication Date: 11/21/2014
Vulnerability Publication Date: 11/21/2014
Reference Information
CVE: CVE-2014-8552