CVE-2019-10934 — Path Traversal in Siemens Totally Integrated Automation Portal

CWE-22 — Path Traversal4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 71.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Totally Integrated Automation Portal Siemens TIA Portal V14 Siemens TIA Portal V15 +2 more

Timeline

PublishedJan 16

Latest updateMay 24

Description

A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDsiemens/totally_integrated_automation_portal14 — 17

▶CVEListV5siemens/tia_portal_v14All versions

▶CVEListV5siemens/tia_portal_v15All versions < V15.1 Update 7

▶CVEListV5siemens/tia_portal_v16All versions < V16 Update 6

▶CVEListV5siemens/tia_portal_v17All versions < V17 Update 4

🔴Vulnerability Details

GHSA

GHSA-62j2-rqpv-q83g: A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15↗2022-05-24

▶

CVEList

CVE-2019-10934: A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15↗2020-01-16

▶