CVE-2023-30757

MEDIUM

Totally Integrated Automation Portal <18 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

References (2)

Core 2

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-042050.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf

Scores

CVSS v3 6.2

EPSS 0.0007

EPSS Percentile 22.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-693

Status published

Products (6)

siemens/totally_integrated_automation_portal 14.0

siemens/totally_integrated_automation_portal 15

siemens/totally_integrated_automation_portal 15.1

siemens/totally_integrated_automation_portal 16

siemens/totally_integrated_automation_portal 17

siemens/totally_integrated_automation_portal 18

Published Jun 13, 2023

Tracked Since Feb 18, 2026