CVE-2023-30757

Name of the Vulnerable Software and Affected Versions Totally Integrated Automation Portal (TIA Portal) versions V14 through V20

Description The issue is related to a flaw in the know-how protection feature of the affected products, which does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous, yet unprotected, versions of the project without the knowledge of the know-how protection password.

Recommendations For Totally Integrated Automation Portal (TIA Portal) versions V14 through V20, consider restricting access to project files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid updating project files that contain sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.