CVE-2023-30757
Severity CVSS v4.0:
Pending analysis
Type:
CWE-693
Protection Mechanism Failure
Publication date:
13/06/2023
Last modified:
10/12/2024
Description
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.<br />
<br />
This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.
Impact
Base Score 3.x
6.20
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page