CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*

History

10 Dec 2024, 14:30

Type Values Removed Values Added
References
  • () https://cert-portal.siemens.com/productcert/html/ssa-042050.html -
Summary (en) A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password. (en) A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

21 Nov 2024, 08:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 6.2
References () https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf - Vendor Advisory

12 Dec 2023, 10:15

Type Values Removed Values Added
Summary A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password. A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

05 Jul 2023, 17:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:14.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*
cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf - Vendor Advisory

13 Jun 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-13 09:15

Updated : 2024-12-10 14:30


NVD link : CVE-2023-30757

Mitre link : CVE-2023-30757

CVE.ORG link : CVE-2023-30757


JSON object : View

Products Affected

siemens

  • totally_integrated_automation_portal
CWE
CWE-693

Protection Mechanism Failure

NVD-CWE-noinfo