Lucene search

SiemensCVE-2023-38533

HistoryJun 11, 2024 - 12:15 p.m.

CVE-2023-38533

2024-06-1112:15:12

CWE-379

siemens

web.nvd.nist.gov

vulnerability

tia administrator

disruption

update process

insecure permissions

windows

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "TIA Administrator",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3 SP2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-319319.html

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-38533