CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.

This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software

Name	Vendor	Start Version	End Version
Totally_integrated_automation_portal	Siemens	14.0 (including)	14.0 (including)
Totally_integrated_automation_portal	Siemens	15 (including)	15 (including)
Totally_integrated_automation_portal	Siemens	15.1 (including)	15.1 (including)
Totally_integrated_automation_portal	Siemens	16 (including)	16 (including)
Totally_integrated_automation_portal	Siemens	17 (including)	17 (including)
Totally_integrated_automation_portal	Siemens	18 (including)	18 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-30757
CWE	https://cwe.mitre.org/data/definitions/693.html

Protection Mechanism Failure

Weakness

Affected Software

References

CVE-2023-30757

Protection Mechanism Failure

Weakness

Affected Software

Related Attack Patterns

References