CVE-2019-10934 is a vulnerability in Siemens Totally Integrated Automation Portal
Published on January 16, 2020
A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.
Weakness Type
What is a Directory Traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2019-10934 has been classified as a Directory Traversal vulnerability or weakness.
Products Associated with CVE-2019-10934
Affected Versions
Siemens TIA Portal:
- V14: all versions are affected.
- V15: all versions < V15.1 Update 7 are affected.
- V16: all versions < V16 Update 6 are affected.
- V17: all versions < V17 Update 4 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.