Siemens SIMATIC STEP 7 Untrusted Search Path Lets Local Users Gain Elevated Privileges
10 Jul. 2015
Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.
The information has been provided by Ivan Sanchez.
Vulnerable systems:
* Siemens SIMATIC ProSave before 13 SP1
* SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1
* SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4
* SIMOTION Scout before 4.4
* STARTER before 4.4 HF3
Immune systems:
* Siemens SIMATIC ProSave after 13 SP1
* SIMATIC CFC after 8.1 after Upd1
* SIMATIC STEP 7 after 5.5 SP4
* SIMOTION Scout after 4.4
* STARTER after 4.4 HF3
A vulnerability was reported in Siemens SIMATIC STEP 7. A local user can obtain elevated privileges on the target system. A local user can place a specially crafted file on the target system or on a connected network share to exploit an untrusted search path flaw and cause the SIMATIC STEP 7 application to execute arbitrary code.
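An added example, not part of the advisory or of any Siemens tooling: a small audit that classifies the entries of a Windows-style search path string (such as the PATH value on an engineering workstation) and flags the locations an untrusted search path flaw depends on, namely relative entries and network shares, plus anything outside a set of admin-only directories. The trusted roots and the sample path are assumptions constructed for illustration.

```python
import ntpath

# Assumption: directories that only administrators can write to on a default install.
TRUSTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")

# Constructed sample search path; the vendor directory is a placeholder.
SAMPLE = (r"C:\Windows\System32;.;\\fileserver\projects\s7;"
          r"C:\Program Files\Vendor\App\bin;D:\Projects\line4;C:\WindowsFake\bin;")


def classify_entry(entry, trusted_roots=TRUSTED_ROOTS):
    """Return a risk label for one search-path entry, or None if it looks safe."""
    entry = entry.strip().strip('"').replace("/", "\\")
    drive, _ = ntpath.splitdrive(entry)
    if drive.startswith("\\\\"):
        return "network-share"        # UNC path: contents are set by whoever can write to the share
    if not ntpath.isabs(entry):
        return "relative"             # resolved against the working directory at run time
    # Collapse ".." segments and case before comparing, so traversal cannot hide the real target.
    norm = ntpath.normcase(ntpath.normpath(entry))
    for root in trusted_roots:
        root = ntpath.normcase(ntpath.normpath(root))
        if norm == root or norm.startswith(root + "\\"):
            return None
    return "outside-trusted-roots"    # not provably admin-only: review its ACL by hand


def audit_search_path(path_value):
    """Return (position, entry, label) for every entry that needs attention."""
    findings = []
    for position, entry in enumerate(path_value.split(";")):
        if not entry.strip():
            continue                  # skip empty segments such as a trailing ';'
        label = classify_entry(entry)
        if label:
            findings.append((position, entry, label))
    return findings


if __name__ == "__main__":
    for position, entry, label in audit_search_path(SAMPLE):
        print(f"[{position}] {label:22} {entry}")
```

The check is string-based and does not read file-system permissions, so an "outside-trusted-roots" result is a prompt to inspect that directory's ACL, not a verdict.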