Siemens TIA Portal
Monitor6.2ICS-CERT ICSA-23-166-06Jun 13, 2023
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The know-how protection feature in Totally Integrated Automation Portal (TIA Portal) does not properly update the encryption of existing program blocks when a project file is updated. An attacker with access to the project file could recover previous unencrypted versions of the project without knowing the know-how protection password.
What this means
What could happen
An attacker who gains access to a TIA Portal project file could extract unprotected versions of your automation logic, ladder code, and configuration data even if you've set a know-how protection password. This exposes your process designs and intellectual property to theft.
Who's at risk
Manufacturers and system integrators using Siemens TIA Portal (V14–V20) to develop automation projects, particularly those handling sensitive control logic or proprietary process designs. This affects engineering workstations and project repositories where TIA Portal files are stored and shared.
How it could be exploited
An attacker must obtain a copy of the TIA Portal project file (typically a .ap19, .ap18, or similar archive file). They can then analyze the file's contents to recover previous unencrypted versions of program blocks that were created before the know-how protection password was applied. No network access to a running system is required—only the project file itself.
Prerequisites
- Access to the TIA Portal project file stored on disk or shared storage
- File access permissions to the project archive
- Understanding of the TIA Portal project file format to extract unencrypted blocks
no patch availableaffects intellectual property protectionrequires file access rather than network accesslow EPSS score (unlikely to be exploited in the wild)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (8)
8 EOL
ProductAffected VersionsFix Status
Totally Integrated Automation Portal (TIA Portal) V14All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V15All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V15.1All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V16All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V17All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V18All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V19All versionsNo fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V20All versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/1Totally Integrated Automation Portal (TIA Portal) V14
HARDENINGRestrict file system access to TIA Portal project directories and shared repositories to authorized engineering staff only
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGEnable and enforce strong know-how protection passwords on all new and existing projects
HARDENINGAudit who has access to project files and remove unnecessary permissions
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: Totally Integrated Automation Portal (TIA Portal) V14, Totally Integrated Automation Portal (TIA Portal) V15, Totally Integrated Automation Portal (TIA Portal) V15.1, Totally Integrated Automation Portal (TIA Portal) V16, Totally Integrated Automation Portal (TIA Portal) V17, Totally Integrated Automation Portal (TIA Portal) V18, Totally Integrated Automation Portal (TIA Portal) V19, Totally Integrated Automation Portal (TIA Portal) V20. Apply the following compensating controls:
HARDENINGStore project files on encrypted drives or network shares with access controls
HARDENINGImplement regular backups of project files with restricted access to backup media
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/dd0c8747-97e9-49a4-8800-e129a19a23b4