Path Traversal Vulnerability in Siemens Totally Integrated Automation Portal
CVE-2023-26293

7.3HIGH

Key Information:

Vendor
Siemens
Status
Totally Integrated Automation Portal (tia Portal) V15
Totally Integrated Automation Portal (tia Portal) V16
Totally Integrated Automation Portal (tia Portal) V17
Totally Integrated Automation Portal (tia Portal) V18
Vendor
CVE Published:
11 April 2023

Summary

A path traversal vulnerability has been discovered in Siemens' Totally Integrated Automation Portal, impacting various versions. This flaw could allow an attacker to write or modify arbitrary files within the engineering system. If users inadvertently open a compromised PC system configuration file, it may lead to unauthorized code execution, posing significant security risks.

Affected Version(s)

Totally Integrated Automation Portal (TIA Portal) V15 0

Totally Integrated Automation Portal (TIA Portal) V16 0

Totally Integrated Automation Portal (TIA Portal) V17 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11692...
https://cert-portal.siemens.com/productcert/html/ssa-1169...

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.