CVE-2019-10934

Name of the Vulnerable Software and Affected Versions TIA Portal V14 (All versions) TIA Portal V15 (All versions < V15.1 Update 7) TIA Portal V16 (All versions < V16 Update 6) TIA Portal V17 (All versions < V17 Update 4)

Description A vulnerability has been identified that could allow an attacker to execute arbitrary code with SYSTEM privileges by changing the contents of a configuration file. The issue can be exploited by an attacker with a valid account and limited access rights on the system, and no user interaction is required. The vulnerability is related to incorrect restriction of a directory path with limited access, which could allow an attacker to elevate their privileges.

Recommendations For TIA Portal V14, update to a version that includes the necessary security fixes. For TIA Portal V15, update to V15.1 Update 7 or later. For TIA Portal V16, update to V16 Update 6 or later. For TIA Portal V17, update to V17 Update 4 or later.