CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-::::::
	cpe:2.3:a:siemens:totally_integrated_automation_portal:16:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:17:::::::*
	cpe:2.3:a:siemens:totally_integrated_automation_portal:18:::::::*

History

No history.

Information

Published : 2023-06-13 09:15

Updated : 2023-12-12 10:15

NVD link : CVE-2023-30757

Mitre link : CVE-2023-30757

CVE.ORG link : CVE-2023-30757

JSON object : View

Products Affected

siemens

totally_integrated_automation_portal

CWE

NVD-CWE-noinfo CWE-693

Protection Mechanism Failure

{"id": "CVE-2023-30757", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2023-06-13T09:15:17.323", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."}], "lastModified": "2023-12-12T10:15:09.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD9E56C-D5F9-4AAB-AD73-F7DF5D630BF0"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BC801E-9D78-4CD4-A457-00ABD5991515"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C36F0E09-C1BB-4ED2-9008-99DC761FDFAA"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1E7FB1-03AF-4AF0-B1A6-3AF65C818596"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0C3283-1FEA-4054-9D48-5F683FA9E4FF"}, {"criteria": "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68C7D9A3-9304-4A81-A970-717E5BA1ECF1"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}