Lucene search

K
cve[email protected]CVE-2023-26293
HistoryApr 11, 2023 - 10:15 a.m.

CVE-2023-26293

2023-04-1110:15:18
CWE-20
CWE-22
web.nvd.nist.gov
22
cve-2023-26293
vulnerability
tia portal
path traversal
arbitrary file creation
arbitrary code execution
nvd

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.1%

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

Affected configurations

NVD
Node
siemenstia_portalMatch15
OR
siemenstia_portalMatch16
OR
siemenstia_portalMatch17-
OR
siemenstia_portalMatch17update1
OR
siemenstia_portalMatch17update2
OR
siemenstia_portalMatch17update3
OR
siemenstia_portalMatch17update4
OR
siemenstia_portalMatch17update5
OR
siemenstia_portalMatch18-

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V16",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V17",
    "versions": [
      {
        "version": "All versions < V17 Update 6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V18",
    "versions": [
      {
        "version": "All versions < V18 Update 1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.1%

Related for CVE-2023-26293