A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.

TP 260 before June 2023 and MES PC based on DELL XE3 contain a vulnerable versions of TIA Portal V15 to V18.

Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.



An attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way.



Several Pilz products use the 3rd party component "CodeMeter Runtime" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.

Update A, 2023-12-05

  • changed affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1"
  • removed CVE-2023-4701 because it was revoked.



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0