Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-26293 |
CWE-ID | CWE-73 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | TIA Portal Server applications / SCADA systems |
Vendor | Siemens |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU74816
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26293
CWE-ID: CWE-73 - External Control of File Name or Path
Exploit availability: No
Description
The vulnerability allows a remote attacker to create or overwrite arbitrary files.
The vulnerability exists due to improper input validation of path names inside PC system configuration files. A remote attacker can trick the victim into opening a specially crafted PC system configuration file and create or overwrite arbitrary files on the system.
Install updates from the vendor's website.
Vulnerable software versions
TIA Portal: 15 - 18
https://cert-portal.siemens.com/productcert/txt/ssa-116924.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.