CVE-2023-30757: TIA Portal Know-How Pro fails to reencrypt on update (V14-V20)
CVE-2023-30757 Published on June 13, 2023

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

NVD

Weakness Type

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.


Products Associated with CVE-2023-30757


Affected Versions

Siemens Totally Integrated Automation Portal (TIA Portal) V14:
Siemens Totally Integrated Automation Portal (TIA Portal) V15:
Siemens Totally Integrated Automation Portal (TIA Portal) V15.1:
Siemens Totally Integrated Automation Portal (TIA Portal) V16:
Siemens Totally Integrated Automation Portal (TIA Portal) V17:
Siemens Totally Integrated Automation Portal (TIA Portal) V18:
Siemens Totally Integrated Automation Portal (TIA Portal) V19:
Siemens Totally Integrated Automation Portal (TIA Portal) V20:

Exploit Probability

EPSS: 0.06%
Percentile: 19.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.