CVE-2023-26293
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-02-21 CVE Reserved
- 2023-04-11 CVE Published
- 2024-08-13 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf | 2024-02-01 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 15 Search vendor "Siemens" for product "Tia Portal" and version "15" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 16 Search vendor "Siemens" for product "Tia Portal" and version "16" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | update1 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | update2 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | update3 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | update4 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 17 Search vendor "Siemens" for product "Tia Portal" and version "17" | update5 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Portal Search vendor "Siemens" for product "Tia Portal" | 18 Search vendor "Siemens" for product "Tia Portal" and version "18" | - |
Affected
| ||||||