Festo Didactic products
Monitor · 7.8 · ICS-CERT ICSA-25-324-05 · Oct 17, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A path traversal vulnerability exists in Siemens TIA Portal versions 15 through 18 (before specific update versions). TIA Portal is bundled in several Festo Didactic products including TP 260 and MES PC systems based on DELL XE3. The vulnerability could allow creation or overwriting of arbitrary files on the engineering system.
What this means
What could happen
An attacker with local access to an engineering workstation could create or overwrite arbitrary files, potentially compromising project files, configurations, or introducing malicious code that could be deployed to field devices. This directly threatens the integrity of your control system programming and operational configurations.
Who's at risk
Festo Didactic TP 260 training/educational systems and MES PC systems (based on DELL XE3 hardware) used for control system engineering and training. This affects organizations using these platforms for PLC programming, configuration, and engineering work. Educational institutions and training facilities using Festo equipment are directly impacted.
How it could be exploited
An attacker with physical or local network access to an engineering workstation running TIA Portal could supply a malicious file or project that exploits the path traversal flaw to write files outside the intended directory. This could overwrite critical control system project files or inject code that gets deployed to PLCs and other field devices.
Prerequisites
- Local access to the affected engineering workstation or network file share
- User interaction (victim must open or import a malicious file or project)
- Affected TIA Portal version installed on the engineering system (V15-V18 before specified updates)
- Local access only (not remotely exploitable)
- User interaction required (file must be opened)
- No patch available for affected versions
- Affects engineering systems (could compromise program integrity)
- Festo Didactic products are often used for training and education
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 pending
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MES PC DELL XE3 | V15<V17Update6 | No fix yet |
| MES PC DELL XE3 | V18<V18Update1 | No fix yet |
| TP260 <June2023 | V15<V17Update6 | No fix yet |
| TP260 <June2023 | V18<V18Update1 | No fix yet |
Remediation & Mitigation
Do now
HARDENING: If your Festo Didactic product cannot be upgraded, restrict local access to engineering workstations to authorized personnel only and implement physical security controls to prevent unauthorized access
WORKAROUND: Train users not to open or import project files from untrusted sources; validate file sources before importing into TIA Portal
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TIA Portal to a version after V17Update6 (for V15-V17 branch) or V18Update1 (for V18 branch) as referenced in Siemens SSA-116924
HARDENING: Review and validate all deployed control system programs to ensure they have not been altered by this vulnerability
Long-term hardening
HARDENING: Implement file integrity monitoring on engineering workstations to detect unauthorized file modifications
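The file integrity monitoring recommended above, as an added example (not part of the advisory and not Festo or Siemens tooling): it records SHA-256 hashes for a directory tree and reports files created or overwritten since the baseline, the two effects this vulnerability can have. The directory layout and file names in `demo()` are constructed sample data; in practice the baseline manifest would be stored off the workstation.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large project archives are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare(baseline, current):
    """Report files created, overwritten (hash changed) or deleted since baseline."""
    common = baseline.keys() & current.keys()
    return {
        "created": sorted(current.keys() - baseline.keys()),
        "overwritten": sorted(p for p in common if baseline[p] != current[p]),
        "deleted": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed tree: take a baseline, change files, then re-scan and compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Project1"))
        project_file = os.path.join(root, "Project1", "plc_block.dat")
        with open(project_file, "wb") as f:
            f.write(b"original logic")
        baseline = snapshot(root)
        with open(project_file, "wb") as f:   # simulated overwrite
            f.write(b"altered logic")
        with open(os.path.join(root, "unexpected.bin"), "wb") as f:  # simulated new file
            f.write(b"unexpected file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```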
CVEs (1)