SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal

Risk Summary

<p> The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. </p> <p> Update: The previously provided fixes only correctly set the permissions on English Windows versions. </p> <p> Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available. </p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)