Lucene search

[email protected]CVE-2023-30757

HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-30757

2023-06-1309:15:17

CWE-693

[email protected]

web.nvd.nist.gov

cve-2023-30757

totally integrated automation portal

tia portal

vulnerability

know-how protection

encryption

project file

nvd

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.

This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

Affected configurations

NVD

Node

siemenstotally_integrated_automation_portalMatch14.0

siemenstotally_integrated_automation_portalMatch15

siemenstotally_integrated_automation_portalMatch15.1-

siemenstotally_integrated_automation_portalMatch16

siemenstotally_integrated_automation_portalMatch17

siemenstotally_integrated_automation_portalMatch18

CPENameOperatorVersion
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq14.0
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq15
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq15.1
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq16
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq17
siemens:totally_integrated_automation_portalsiemens totally integrated automation portaleq18

CPE	Name	Operator	Version
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	14.0
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	15
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	15.1
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	16
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	17
siemens:totally_integrated_automation_portal	siemens totally integrated automation portal	eq	18

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V14",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V16",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V17",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V18",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V19",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]