Skip to main content

Tia Portal CVE-2023-26293

HIGH
Improper Input Validation (CWE-20)
2023-04-11 productcert@siemens.com
7.3
CVSS 3.1 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 11, 2023 - 10:15 cve.org
HIGH 7.3

DescriptionCVE.org

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

AnalysisAI

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7),. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Affected products include: Siemens Tia Portal.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-26293 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy