ID

VAR-202304-0844


CVE

CVE-2023-26293


TITLE

Input validation vulnerability in Siemens' TIA Portal

Trust: 0.8

sources: JVNDB: JVNDB-2023-006565

DESCRIPTION

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens' TIA Portal contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2023-26293 // JVNDB: JVNDB-2023-006565

AFFECTED PRODUCTS

vendor: siemens, model: tia portal, scope: eq, version: 15

Trust: 1.0

vendor: siemens, model: tia portal, scope: eq, version: 18

Trust: 1.0

vendor: siemens, model: tia portal, scope: eq, version: 16

Trust: 1.0

vendor: siemens, model: tia portal, scope: eq, version: 17

Trust: 1.0

vendor: シーメンス, model: tia portal, scope: eq, version: 17

Trust: 0.8

vendor: シーメンス, model: tia portal, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: tia portal, scope: eq, version: 18

Trust: 0.8

vendor: シーメンス, model: tia portal, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: tia portal, scope: eq, version: 16

Trust: 0.8

vendor: シーメンス, model: tia portal, scope: eq, version: 15

Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // NVD: CVE-2023-26293

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-26293
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-26293
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-006565
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202304-722
value: HIGH

Trust: 0.6

productcert@siemens.com: CVE-2023-26293
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 5.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-26293
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-006565
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293 // NVD: CVE-2023-26293

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-22

Trust: 1.0

problemtype: Improper input validation (CWE-20) [other]

Trust: 0.8

sources: JVNDB: JVNDB-2023-006565 // NVD: CVE-2023-26293

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

PATCH

title: Fix for the Siemens TIA Portal input validation error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=236715

Trust: 0.6

sources: CNNVD: CNNVD-202304-722

EXTERNAL IDS

db: NVD, id: CVE-2023-26293

Trust: 3.2

db: SIEMENS, id: SSA-116924

Trust: 2.4

db: ICS CERT, id: ICSA-23-103-04

Trust: 0.8

db: JVN, id: JVNVU94715153

Trust: 0.8

db: JVNDB, id: JVNDB-2023-006565

Trust: 0.8

db: CNNVD, id: CNNVD-202304-722

Trust: 0.6

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/html/ssa-116924.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu94715153/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-26293

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-04

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-26293/

Trust: 0.6

sources: JVNDB: JVNDB-2023-006565 // CNNVD: CNNVD-202304-722 // NVD: CVE-2023-26293

SOURCES

db: JVNDB, id: JVNDB-2023-006565
db: CNNVD, id: CNNVD-202304-722
db: NVD, id: CVE-2023-26293

LAST UPDATE DATE

2024-08-14T12:11:50.760000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-006565, date: 2023-11-15T05:44:00
db: CNNVD, id: CNNVD-202304-722, date: 2023-05-10T00:00:00
db: NVD, id: CVE-2023-26293, date: 2024-08-13T08:15:05.880

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-006565, date: 2023-11-15T00:00:00
db: CNNVD, id: CNNVD-202304-722, date: 2023-04-11T00:00:00
db: NVD, id: CVE-2023-26293, date: 2023-04-11T10:15:18.157