PT-2023-9231 · Siemens · TIA Administrator
Published: 2023-07-19 · Updated: 2024-06-11 · CVE-2023-38533
CVSS v4.0: 4.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TIA Administrator versions prior to V3 SP2
Description
A vulnerability has been identified in TIA Administrator: the affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.
Recommendations
For versions prior to V3 SP2, update to version V3 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where temporary download files are created to minimize the risk of exploitation.
Affected Products
TIA Administrator