Full Report
TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens has released a new version of TIA Administrator and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Denial of Service via Insecure Temporary File Permissions in TIA Administrator
## CVE Details
- CVE ID: CVE-2023-38533
- CVSS Score: 3.3 (CVSS v3.1 Low) / 4.8 (CVSS v4.0 Low)
- CWE: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
## Affected Systems
- Products: TIA Administrator
- Versions: All versions < V3 SP2
- Configurations: Windows environment, authenticated user required.
## Vulnerability Description
The affected component of TIA Administrator creates temporary download files in a directory with insecure permissions. An authenticated attacker on the Windows system could use this to disrupt the software's update process, resulting in a Denial of Service (DoS) condition limited to updates.
## Exploitation
- Status: No information on widespread exploitation is provided. It is assumed that a PoC or technical exploit may exist, based on the nature of the flaw.
- Complexity: Low (Implied by CVSS vector AV:L/AC:L/PR:L)
- Attack Vector: Local (AV:L)
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: No Impact (I:N)
- Availability: Low Impact (A:L) - Disruption of the update process.
## Remediation
### Patches
- Update to **V3 SP2 or a later version**. Siemens references the following support link for the update: `https://support.industry.siemens.com/cs/ww/en/view/109825038/`
### Workarounds
- Remove write permissions for non-administrative users on files and folders located under the TIA Administrator installation path.
- Follow general security recommendations provided by Siemens, including protecting network access to devices.
## Detection
- **Indicators of Compromise:** Look for unauthorized modifications or deletions within the temporary file directories used by TIA Administrator during update operations.
- **Detection Methods and Tools:** Monitor file system access control lists (ACLs) on the TIA Administrator installation directory, specifically looking for unexpected write access by non-administrative users to temporary file locations.
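
One way to verify the workaround and run the ACL check described above, as an added PowerShell example (not Siemens code and not part of the advisory). The function name `Get-NonAdminWriteAce` and the `$InstallPath` parameter are assumptions; the page does not state the installation path, so it is left as a placeholder.

```powershell
# Added example: list ACL entries that grant write-type access to principals
# other than SYSTEM, Administrators and TrustedInstaller.
# $InstallPath is a placeholder; the page does not state the installation path.
function Get-NonAdminWriteAce {
    param(
        [Parameter(Mandatory)] [string] $InstallPath
    )

    # Principals expected to hold write access, as well-known SIDs.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Rights that allow creating, changing or deleting files, or rewriting the ACL.
    $named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # ACEs may also carry raw GENERIC_WRITE / GENERIC_ALL bits that the enum does not name.
    $mask = [int]$named -bor 0x40000000 -bor 0x10000000

    $items = @(Get-Item -LiteralPath $InstallPath -Force) +
             @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        # Resolve entries to SIDs so the check does not depend on localized account names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

            # Anything emitted here is a candidate for the workaround (remove write access).
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Usage (placeholder path):
# Get-NonAdminWriteAce -InstallPath '<TIA Administrator installation path>' | Format-Table -AutoSize
```

Rows with `Inherited` set to true come from a parent folder, so the entry has to be changed where it is defined rather than on the listed item.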
## References
- Vendor Advisories: SSA-319319
- Relevant links:
  - Siemens ProductCERT Advisory Index: `https://www.siemens.com/cert/advisories`
  - Siemens Operational Guidelines: `https://www.siemens.com/cert/operational-guidelines-industrial-security`