PT-2023-6557 · Siemens · TIA Portal

Michael Heinzl · Published 2023-04-11 · Updated 2024-08-13 · CVE-2023-26293

CVSS v3.1

7.3 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Totally Integrated Automation Portal (TIA Portal) versions V15 through V18 Update 1, with the following specifics:

TIA Portal versions V15
TIA Portal versions V16 through V16 Update 7
TIA Portal versions V17 through V17 Update 6
TIA Portal versions V18 through V18 Update 1

Description

A path traversal vulnerability has been identified in the Totally Integrated Automation Portal (TIA Portal) that could allow the creation or overwrite of arbitrary files in the engineering system. If a user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

Recommendations

For TIA Portal version V15, update to a version later than V15.
For TIA Portal versions V16 through V16 Update 7, update to V16 Update 7 or later.
For TIA Portal versions V17 through V17 Update 6, update to V17 Update 6 or later.
For TIA Portal versions V18 through V18 Update 1, update to V18 Update 1 or later.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-07319
CVE-2023-26293

Affected Products

TIA Portal