PT-2023-9231 · Siemens · Tia Administrator

Published 2023-07-19 · Updated 2024-06-11 · CVE-2023-38533

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

TIA Administrator versions prior to V3 SP2

Description

The affected component of TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.

Recommendations

For versions prior to V3 SP2, update to V3 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where temporary download files are created to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

BDU:2024-05103
CVE-2023-38533

Affected products

Tia Administrator