PatchSiren cyber security CVE debrief
CVE-2023-26293 Festo CVE debrief
CVE-2023-26293 is a high-severity path traversal vulnerability in affected Totally Integrated Automation Portal (TIA Portal) versions used within Festo Didactic product environments. If a user is tricked into opening a malicious PC system configuration file, an attacker could create or overwrite arbitrary files in the engineering system and potentially achieve arbitrary code execution. The advisory was initially published on 2023-10-17 and later revised on 2025-10-01 for title/template updates.
- Vendor: Festo
- Product: Hardware
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-10-17
- Original CVE updated: 2025-10-01
- Advisory published: 2023-10-17
- Advisory updated: 2025-10-01
Who should care
OT/industrial engineering teams using Festo Didactic systems that include TIA Portal V15 or V16 (all versions), V17 prior to Update 6, or V18 prior to Update 1, especially on the listed MES PC DELL XE3 and TP260 configurations. Security and operations teams responsible for engineering workstations should also prioritize this issue: exploitation requires a user to open a malicious configuration file, so the workstations where such files are received and imported are the exposure point.
Technical summary
The source advisory describes a path traversal flaw in affected TIA Portal installations. Successful exploitation can allow arbitrary file creation or overwrite on the engineering system. The attack requires the user to open a malicious PC system configuration file, and the supplied CVSS vector reflects that: local attack vector, no privileges required, user interaction required, with high impact on confidentiality, integrity and availability (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base score 7.8). The remediation guidance is to update TIA-Portal and follow Siemens SSA-116924.
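The defect class is easiest to see from the check an importer must make before it writes a file whose name came from an untrusted configuration. The Python below is an added example, not TIA Portal code and not derived from the advisory (which does not document the configuration file format); it assumes a constructed list of entry names and shows a guard that rejects any entry resolving outside the intended project directory, using Windows path rules because the engineering system is a Windows host.

```python
import ntpath  # Windows path semantics regardless of where this script runs


def resolve_within(base_dir: str, entry: str):
    """Return the absolute target path for `entry` if it stays inside base_dir,
    else None. `entry` is an untrusted, relative file name taken from a
    configuration file; base_dir is the only directory the importer may write to."""
    base = ntpath.normpath(base_dir)
    if not entry.strip():
        return None
    # Absolute paths ("C:\...", "\\server\share\..."), rooted paths ("\foo")
    # and drive-relative paths ("D:foo") are never acceptable as entry names.
    if ntpath.isabs(entry) or ntpath.splitdrive(entry)[0] or entry[0] in "\\/":
        return None
    # normpath collapses "." and ".." segments and unifies "/" and "\".
    target = ntpath.normpath(ntpath.join(base, entry))
    try:
        common = ntpath.commonpath([base, target])
    except ValueError:  # different drives or mixed absolute/relative
        return None
    return target if common == base else None


def audit_entries(base_dir: str, entries):
    """Split entry names from a configuration file into (accepted, rejected)."""
    accepted, rejected = [], []
    for name in entries:
        target = resolve_within(base_dir, name)
        (accepted if target is not None else rejected).append(name)
    return accepted, rejected


# Constructed sample: entry names as they might appear in an untrusted
# configuration file. None of these come from a real Festo or Siemens file.
SAMPLE_ENTRIES = [
    "config\\plc.xml",
    "hmi/screens/main.xml",
    "sub\\..\\notes.txt",
    "..\\..\\Windows\\System32\\evil.dll",
    "config/../../../Users/Public/startup.bat",
    "C:\\Windows\\System32\\evil.dll",
    "\\\\attacker\\share\\payload.exe",
    "D:payload.exe",
]

if __name__ == "__main__":
    ok, bad = audit_entries("C:\\Projects\\Station1", SAMPLE_ENTRIES)
    for name in ok:
        print("accept", name)
    for name in bad:
        print("REJECT", name)
```

The check normalises first and compares afterwards; comparing the raw string for a leading `..` is not enough, because `config/../../x` starts with an innocent-looking segment and still escapes the base directory.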
Defensive priority
High. The issue can lead to code execution on an engineering workstation if malicious files are opened, so patching and handling controls should be prioritized before routine file exchange or project import activity.
Recommended defensive actions
- Update TIA-Portal to the vendor-fixed version referenced by Siemens SSA-116924.
- Confirm whether any deployed TIA Portal instances are V15 or V16 (any version), V17 prior to Update 6, or V18 prior to Update 1.
- Treat PC system configuration files from untrusted or unverifiable sources as suspicious and restrict their use on engineering workstations.
- Apply CISA-recommended ICS defensive practices to engineering systems and adjacent OT networks.
- Review exposure on the listed Festo Didactic environments, including MES PC DELL XE3 and TP260 configurations where applicable.
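The first two actions above amount to a version triage of the engineering workstations. The Python below is an added example, not Festo, Siemens or CISA tooling; it encodes only the affected-version ranges the advisory states, treats a version string with no update level as Update 0, and runs over a constructed inventory whose host names and version strings are assumptions. Major versions the advisory does not mention are reported as "not listed" rather than silently called fixed.

```python
import re

# Affected versions as stated in the CISA CSAF advisory for CVE-2023-26293:
# V15 and V16 (all versions), V17 before Update 6, V18 before Update 1.
# None means no update level of that major version is fixed.
FIRST_FIXED_UPDATE = {15: None, 16: None, 17: 6, 18: 1}

_VERSION_RE = re.compile(r"^\s*V?(\d+)(?:\s*(?:Update|Upd\.?)\s*(\d+))?\s*$",
                         re.IGNORECASE)


def parse_version(text: str):
    """Parse strings such as 'V17 Update 5' or 'V18' into (major, update).
    A version with no update level is treated as Update 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised TIA Portal version string: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def status(text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    major, update = parse_version(text)
    if major not in FIRST_FIXED_UPDATE:
        return "not listed"
    fixed = FIRST_FIXED_UPDATE[major]
    if fixed is None:
        return "affected"
    return "affected" if update < fixed else "fixed"


def triage(inventory):
    """inventory: iterable of (host, version). Returns a list of
    (host, version, status) in inventory order."""
    return [(host, version, status(version)) for host, version in inventory]


def needs_action(inventory):
    """Hosts that are affected or whose version the advisory does not cover."""
    return [row for row in triage(inventory) if row[2] != "fixed"]


# Constructed inventory; host names and versions are assumptions for the example.
SAMPLE_INVENTORY = [
    ("mes-pc-dell-xe3-01", "V17 Update 5"),
    ("tp260-01", "V18 Update 1"),
    ("eng-ws-03", "V16"),
    ("eng-ws-04", "V17 Update 6"),
    ("eng-ws-05", "V14"),
]

if __name__ == "__main__":
    for host, version, state in triage(SAMPLE_INVENTORY):
        print(f"{host:22} {version:14} {state}")
```

"not listed" deserves a manual look rather than being dropped from the patch list: the advisory's silence on a major version is not a statement that it is unaffected.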
Evidence notes
The supplied CISA CSAF advisory states that affected TIA Portal versions include V15 and V16 all versions, V17 before Update 6, and V18 before Update 1. It also states that the flaw is a path traversal issue that can allow creation or overwrite of arbitrary files and may lead to arbitrary code execution if a user opens a malicious PC system configuration file. The remediation entry says to update TIA-Portal and refers readers to Siemens SSA-116924. The advisory metadata shows initial publication on 2023-10-17 and a later revision on 2025-10-01.
Official resources
- CVE-2023-26293 CVE record (CVE.org)
- CVE-2023-26293 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF advisory on 2023-10-17. The advisory was revised on 2025-10-01 for a title/template update. No KEV listing was provided in the supplied corpus.