Insecure Temporary Download Files Could Disrupt Update Process
CVE-2023-38533

3.3LOW

Key Information:

Vendor: Siemens
Status: Tia Administrator
Vendor: CVE Published:; 11 June 2024

Summary

A security issue has been identified in TIA Administrator affecting all versions prior to V3 SP2. This vulnerability arises from the improper handling of temporary download files which are created in a directory with insecure permissions. As a result, any authenticated attacker operating within the Windows environment could exploit this vulnerability to disrupt the update process, potentially leading to system instability and service interruptions. Organizations utilizing TIA Administrator should take necessary precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

TIA Administrator 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3193...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Jul 19, 2023