CVE-2023-30757

MEDIUM

Totally Integrated Automation Portal <18 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

References (2)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-042050.html

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf

Scores

CVSS v3 6.2

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-693

Status published

Affected Products (6)

siemens/totally_integrated_automation_portal

Timeline

Published Jun 13, 2023

Tracked Since Feb 18, 2026