Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Siemens SIMATIC STEP 7 权限许可和访问控制漏洞
Vulnerability Description
Siemens SIMATIC STEP 7(TIA Portal)是德国西门子(Siemens)公司的一套用于SIMATIC控制器的编程软件。该软件提供PLC编程、设计选件包和先进的驱动器技术等。 Siemens SIMATIC STEP 7 (TIA Portal) 13.0及之前版本中存在安全漏洞,该漏洞源于程序基于缺少完整性保护的‘project-file’字段来确定用户的权限。远程攻击者可借助修改的文件利用该漏洞创建任意授权数据。
CVSS Information
N/A
Vulnerability Type
N/A