Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-10915: Missing Authentication for Critical Function in AG TIA Administrator

Severity: 7.8 HIGH (NVD)
EPSS: 5.9% (top 9.42%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 11 | Latest update May 24

Description

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows certain application commands to be executed without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability o

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | siemens_ag/tia_administrator | All versions < V1.0 SP1 Upd1

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-pvc7-g7m2-hrpc: A vulnerability has been identified in TIA Administrator (All versions < V1… | 2022-05-24
CVEList | CVE-2019-10915: A vulnerability has been identified in TIA Administrator (All versions < V1… | 2019-07-11

💥 Exploits & PoCs (1)

Exploit-DB | Siemens TIA Portal - Remote Command Execution | 2019-07-10

🕵️ Threat Intelligence (1)

Tenable | Tenable Research Discloses Critical Vulnerability in Siemens STEP 7 (CVE-2019-10915) | 2019-07-09
CVE-2019-10915 — AG TIA Administrator vulnerability | cvebase