CVE-2023-38533

June 11, 2024, 1:54 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

TIA Administrator

  • All versions < V3 SP2

TIA Administrator

  • 3
  • before V3 SP2

Source

productcert@siemens.com

Tags

CVE-2023-38533 details

Published : June 11, 2024, 12:15 p.m.
Last Modified : June 11, 2024, 1:54 p.m.

Description

A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.

CVSS Score

1 2 3.3 4 5 6 7 8 9 10

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

Base Score

3.3

Base Severity

LOW

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References

URL Source
https://cert-portal.siemens.com/productcert/html/ssa-319319.html productcert@siemens.com
This website uses the NVD API, but is not approved or certified by it.