CVE-2023-26293 – This path traversal vulnerability in Siemens TI... (How to Fix)

Q: How do I fix CVE-2023-26293?

1. Download appropriate update from Siemens Industry Online Support. 2. Close TIA Portal. 3. Run update installer. 4. Restart system. 5. Verify version in TIA Portal About dialog.

Q: What is the severity of CVE-2023-26293?

CVE-2023-26293 has a CVSS score of 7.3 (HIGH). This path traversal vulnerability in Siemens TIA Portal allows attackers to create or overwrite arbitrary files when users open malicious PC system configuration files. Successful exploitation could lead to arbitrary code execution on the engineering system. Affected users include those running TIA Portal V15, V16 (< Update 7), V17 (< Update 6), or V18 (< Update 1).

📋 TL;DR

This path traversal vulnerability in Siemens TIA Portal allows attackers to create or overwrite arbitrary files when users open malicious PC system configuration files. Successful exploitation could lead to arbitrary code execution on the engineering system. Affected users include those running TIA Portal V15, V16 (< Update 7), V17 (< Update 6), or V18 (< Update 1).

💻 Affected Systems

Products:

Siemens Totally Integrated Automation Portal (TIA Portal)

Versions: V15 (All versions), V16 (All versions < V16 Update 7), V17 (All versions < V17 Update 6), V18 (All versions < V18 Update 1)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user to open malicious PC system configuration file (.xml or similar format).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution leading to industrial control system manipulation, data theft, or ransomware deployment.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to engineering projects and configuration files.

🟢

If Mitigated

Limited impact with proper user training and restricted file opening privileges.

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, not directly network exploitable.

🏢 Internal Only: MEDIUM - Requires social engineering but could spread through internal file sharing.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires social engineering to trick user into opening malicious file. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V16 Update 7, V17 Update 6, V18 Update 1

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-116924.html

Restart Required: Yes

Instructions:

1. Download appropriate update from Siemens Industry Online Support. 2. Close TIA Portal. 3. Run update installer. 4. Restart system. 5. Verify version in TIA Portal About dialog.

🔧 Temporary Workarounds

Restrict File Opening

windows

Only open PC system configuration files from trusted sources. Implement file extension filtering.

User Training

all

Train users to recognize suspicious files and avoid opening untrusted configuration files.

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of unauthorized files.
Use least privilege accounts for TIA Portal users and restrict file system write permissions.

🔍 How to Verify

Check if Vulnerable:

Check TIA Portal version in Help > About dialog. If version matches affected ranges, system is vulnerable.

Check Version:

Open TIA Portal > Help > About > Check version number

Verify Fix Applied:

Verify version shows V16 Update 7 or higher, V17 Update 6 or higher, or V18 Update 1 or higher in About dialog.

📡 Detection & Monitoring

Log Indicators:

Unusual file creation/modification in system directories
TIA Portal crash logs after opening configuration files

Network Indicators:

Unusual outbound connections from TIA Portal process

SIEM Query:

Process: 'TIA Portal' AND FileOperation: ('Create' OR 'Modify') AND Path: contains '..' or unusual system paths

📊 Metadata

CVE ID: CVE-2023-26293

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

CWE: CWE-20

Published: April 11, 2023

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-116924.html
https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf Patch,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-26293, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

Tia Portal by Siemens

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict File Opening

User Training

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities