CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-042050.html
https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:16:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:17:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*

History

No history.

Information

Published : 2023-06-13 09:15

Updated : 2024-12-10 14:30

NVD link : CVE-2023-30757

Mitre link : CVE-2023-30757

CVE.ORG link : CVE-2023-30757

JSON object : View

Products Affected

siemens

totally_integrated_automation_portal

CWE

CWE-693

Protection Mechanism Failure

NVD-CWE-noinfo

{"id": "CVE-2023-30757", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-06-13T09:15:17.323", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html", "source": "[email protected]"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."}], "lastModified": "2024-12-10T14:30:34.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD9E56C-D5F9-4AAB-AD73-F7DF5D630BF0"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BC801E-9D78-4CD4-A457-00ABD5991515"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36F0E09-C1BB-4ED2-9008-99DC761FDFAA"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1E7FB1-03AF-4AF0-B1A6-3AF65C818596"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0C3283-1FEA-4054-9D48-5F683FA9E4FF"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}