External Control of File Name or Path in TIA Portal

#VU74816 External Control of File Name or Path in TIA Portal

Published: 2023-04-11

Vulnerability identifier: #VU74816

Vulnerability risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26293

CWE-ID: CWE-73

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TIA Portal
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote attacker to create or overwrite arbitrary files.

The vulnerability exists due to improper input validation of path names inside PC system configuration files. A remote attacker can trick the victim to open a specially crafted PC system configuration file and create or overwrite arbitrary files on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

TIA Portal: 15 - 18

External links
http://cert-portal.siemens.com/productcert/txt/ssa-116924.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arbitrary file overwrite in Siemens TIA Portal