Details of VAR-202304-0844

ID

VAR-202304-0844

CVE

CVE-2023-26293

TITLE

Siemens' tia portal Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-006565

DESCRIPTION

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens' tia portal There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-26293 // JVNDB: JVNDB-2023-006565

AFFECTED PRODUCTS

vendor:	siemens	model:	tia portal	scope:	eq	version:	15	Trust: 1.0
vendor:	siemens	model:	tia portal	scope:	eq	version:	18	Trust: 1.0
vendor:	siemens	model:	tia portal	scope:	eq	version:	16	Trust: 1.0
vendor:	siemens	model:	tia portal	scope:	eq	version:	17	Trust: 1.0
vendor:	シーメンス	model:	tia portal	scope:	eq	version:	17	Trust: 0.8
vendor:	シーメンス	model:	tia portal	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tia portal	scope:	eq	version:	18	Trust: 0.8
vendor:	シーメンス	model:	tia portal	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tia portal	scope:	eq	version:	16	Trust: 0.8
vendor:	シーメンス	model:	tia portal	scope:	eq	version:	15	Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // NVD: CVE-2023-26293

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-26293
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2023-26293
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-006565
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202304-722
value:	HIGH
Trust: 0.6

productcert@siemens.com:	CVE-2023-26293
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	5.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-26293
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-006565
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293 // NVD: CVE-2023-26293

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // NVD: CVE-2023-26293

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

PATCH

title:

Siemens TIA Portal Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=236715

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

EXTERNAL IDS

db:	NVD	id:	CVE-2023-26293	Trust: 3.2
db:	SIEMENS	id:	SSA-116924	Trust: 2.4
db:	ICS CERT	id:	ICSA-23-103-04	Trust: 0.8
db:	JVN	id:	JVNVU94715153	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-006565	Trust: 0.8
db:	CNNVD	id:	CNNVD-202304-722	Trust: 0.6

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/html/ssa-116924.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu94715153/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-26293	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-04	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-26293/	Trust: 0.6

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293

SOURCES

db:	JVNDB	id:	JVNDB-2023-006565
db:	CNNVD	id:	CNNVD-202304-722
db:	NVD	id:	CVE-2023-26293

LAST UPDATE DATE

2024-08-14T12:11:50.760000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-006565	date:	2023-11-15T05:44:00
db:	CNNVD	id:	CNNVD-202304-722	date:	2023-05-10T00:00:00
db:	NVD	id:	CVE-2023-26293	date:	2024-08-13T08:15:05.880

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-006565	date:	2023-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202304-722	date:	2023-04-11T00:00:00
db:	NVD	id:	CVE-2023-26293	date:	2023-04-11T10:15:18.157