
Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products

VDE-2023-047
Last update: 01.10.2025 08:00
Published at: 17.10.2023 08:00
Vendor(s): Festo SE & Co. KG
External ID: FSA-202303

Summary

A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.

TP 260 before June 2023 and MES PC based on DELL XE3 contain vulnerable versions of TIA Portal V15 to V18.

Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.

Impact

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | MES PC DELL XE3 | TIA-Portal V15<V17Update6, TIA-Portal V18<V18Update1 |
| 8107242 | TP260 <June2023 | TIA-Portal V18<V18Update1, TIA-Portal V15<V17Update6 |

Vulnerabilities


Published: 06.10.2025 14:04
Weakness: Improper Input Validation (CWE-20)
Summary

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

References

Remediation

Update TIA-Portal. Please refer to Siemens SSA-116924 for more details.
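To find the installations that still need the update, an asset inventory can be checked against the version ranges given in the vulnerability summary above. The following is an added example, not part of the Festo or Siemens advisory; the inventory, the host names, the version-string format and the function names are assumptions.

```python
import re

# First fixed update per TIA Portal major version, as stated in the advisory
# summary. None means the advisory lists all versions of that release as affected.
FIRST_FIXED_UPDATE = {15: None, 16: None, 17: 6, 18: 1}

# Assumed inventory format: optional "TIA Portal"/"TIA-Portal" prefix,
# "V<major>[.<minor>]", optional "Update <n>".
_VERSION_RE = re.compile(
    r"(?:TIA[- ]?Portal\s*)?V\s*(?P<major>\d+)(?:\.\d+)?\s*"
    r"(?:Update\s*(?P<update>\d+))?",
    re.IGNORECASE,
)

def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version string."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unparsed"          # needs manual review, never assume it is safe
    major = int(m.group("major"))
    update = int(m.group("update") or 0)   # no "Update n" means the base release
    if major not in FIRST_FIXED_UPDATE:
        return "not-listed"        # release is not covered by this advisory
    fixed = FIRST_FIXED_UPDATE[major]
    if fixed is None or update < fixed:
        return "affected"
    return "fixed"

def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group host names by classification result."""
    result = {"affected": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (host names and entries are illustrative only).
SAMPLE_INVENTORY = {
    "didactic-pc-01": "TIA Portal V15.1",
    "didactic-pc-02": "TIA Portal V17 Update 5",
    "didactic-pc-03": "TIA Portal V17 Update 6",
    "mes-pc-01": "TIA-Portal V18",
    "mes-pc-02": "TIA Portal V18 Update 1",
    "lab-pc-09": "TIA Portal V19",
    "lab-pc-10": "not recorded",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unparsed` should be checked by hand rather than treated as unaffected.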

Acknowledgments

Festo SE & Co. KG thanks the following parties for their efforts:

Revision History

| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 17.10.2023 08:00 | Initial revision. |
| 1.0.1 | 01.10.2025 08:00 | Adjusted to VDE template. Changed title from "Vulnerable Siemens TIA-Portal in several Festo Didactic Products" to "Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products". |