Lucene search

K
cve[email protected]CVE-2023-30757
HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-30757

2023-06-1309:15:17
CWE-693
web.nvd.nist.gov
15
cve-2023-30757
totally integrated automation portal
tia portal
vulnerability
know-how protection
encryption
project file
nvd

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.

This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

Affected configurations

NVD
Node
siemenstotally_integrated_automation_portalMatch14.0
OR
siemenstotally_integrated_automation_portalMatch15
OR
siemenstotally_integrated_automation_portalMatch15.1-
OR
siemenstotally_integrated_automation_portalMatch16
OR
siemenstotally_integrated_automation_portalMatch17
OR
siemenstotally_integrated_automation_portalMatch18

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V14",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V16",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V17",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V18",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V19",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2023-30757