Festo Didactic products
Summary
The article details a critical vulnerability (CVE-2023-26293) in Festo Didactic products, specifically related to improper input validation in Siemens TIA-Portal versions V15 to V18, which could allow attackers to create or overwrite arbitrary files. With a CVSS v3.1 score of 7.8, this vulnerability poses significant risks to engineering systems and requires immediate attention from users to mitigate potential exploitation.
Impact
Affected products include Siemens TIA-Portal V15 prior to V17 Update 6, Siemens TIA-Portal V18 prior to V18 Update 1, all versions of Festo Hardware MES PC, and all versions of Festo Hardware TP260 (before June 2023). Vendor: Festo SE & Co. KG.
In the Wild
No
Timeline
Disclosed on [date]
Remediation
Festo recommends users of affected devices to update TIA-Portal to the latest versions. Specifically, users should update to Siemens TIA-Portal V17 Update 6 or later and Siemens TIA-Portal V18 Update 1 or later. For further details, refer to Siemens SSA-116924 and Festo's security advisory FSA-202303.