OTPulse

Siemens Mendix Forgot Password Module

Plan Patch | 7.3 | ICS-CERT ICSA-23-103-08 | Apr 18, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens TIA Portal's Forgot Password module contains an input validation flaw (CWE-20) that allows an attacker with local access to retrieve sensitive information. The vulnerability affects TIA Portal V15, V16, V17 (before Update 6), and V18 (before Update 1). Successful exploitation could expose confidential data used in industrial automation engineering.

What this means
What could happen
An attacker with physical or local network access to an engineering workstation could retrieve password reset information or other sensitive credentials, potentially gaining unauthorized access to PLC programming systems and altering automation logic or process parameters.
Who's at risk
Engineering teams and automation technicians using Siemens TIA Portal for PLC and automation system programming. Affects organizations running V15 or V16 with no available patch, and those running V17/V18 that have not yet updated. The risk is primarily to confidentiality of engineering credentials and project files, which could lead to unauthorized system modification.
How it could be exploited
An attacker needs local or adjacent network access to the TIA Portal installation. They exploit improper input validation in the Forgot Password module to extract sensitive information, likely password recovery tokens or cached credentials that could be used to reset authentication or access engineering functions remotely.
Prerequisites
  • Local or network access to a machine running a vulnerable TIA Portal version
  • User interaction required (user must initiate password reset or similar action)
  • No valid credentials needed for initial exploitation
  • Local/adjacent network exploitable
  • Low complexity attack
  • Input validation flaw (CWE-20)
  • Affects engineering workstations (not directly control logic, but access to PLC programming)
  • No patch available for V15 and V16
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
2 with fix, 2 EOL
Product | Affected Versions | Fix Status
Totally Integrated Automation Portal (TIA Portal) V17 | <V17 Update 6 | 17 Update 6
Totally Integrated Automation Portal (TIA Portal) V15 | All versions | No fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V18 | <V18 Update 1 | 18 Update 1
Totally Integrated Automation Portal (TIA Portal) V16 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
Totally Integrated Automation Portal (TIA Portal) V17
WORKAROUND: For TIA Portal V15 and V16 (no patch available), restrict local and network access to engineering workstations running these versions using firewalls and access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Totally Integrated Automation Portal (TIA Portal) V17
HOTFIX: Update TIA Portal V17 to Update 6 or later
HOTFIX: Update TIA Portal V18 to Update 1 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Totally Integrated Automation Portal (TIA Portal) V15, Totally Integrated Automation Portal (TIA Portal) V16. Apply the following compensating controls:
HARDENING: Isolate TIA Portal engineering workstations from business networks and the Internet
HARDENING: Implement VPN or secure remote access controls if remote engineering access is required
API: /api/v1/advisories/1a4fd483-f73f-45de-ab7b-683a730dedb9