Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

Published

2023-06-13T09:15:17.323

Last Modified

2024-12-10T14:30:34.017

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

Weaknesses

Type: Secondary
CWE-693
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	totally_integrated_automation_portal	14.0	Yes
Application	siemens	totally_integrated_automation_portal	15	Yes
Application	siemens	totally_integrated_automation_portal	15.1	Yes
Application	siemens	totally_integrated_automation_portal	16	Yes
Application	siemens	totally_integrated_automation_portal	17	Yes
Application	siemens	totally_integrated_automation_portal	18	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-042050.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)