Details of VAR-202303-0898

ID

VAR-202303-0898

CVE

CVE-2023-27402

TITLE

Siemens' Tecnomatix Plant Simulation Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004924

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334). Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. Siemens Tecnomatix Plant Simulation is an industrial control equipment of German Siemens (Siemens). Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance

Trust: 2.79

sources: NVD: CVE-2023-27402 // JVNDB: JVNDB-2023-004924 // ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-18932

AFFECTED PRODUCTS

vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	2201.0006	Trust: 1.0
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	2201.0006	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	tecnomatix plant simulation	scope:	-	version:	-	Trust: 0.7
vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	v2201.0006	Trust: 0.6

sources: ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932 // JVNDB: JVNDB-2023-004924 // NVD: CVE-2023-27402

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-27402
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-004924
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-27402
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2023-18932
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202303-1088
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-18932
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-27402
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-004924
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-27402
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932 // JVNDB: JVNDB-2023-004924 // CNNVD: CNNVD-202303-1088 // NVD: CVE-2023-27402

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-004924 // NVD: CVE-2023-27402

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-1088

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-1088

PATCH

title:	Siemens has issued an update to correct this vulnerability.	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf	Trust: 0.7
title:	Patch for Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2023-18932)	url:	https://www.cnvd.org.cn/patchInfo/show/415671	Trust: 0.6
title:	Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228937	Trust: 0.6

sources: ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932 // CNNVD: CNNVD-202303-1088

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27402	Trust: 4.5
db:	SIEMENS	id:	SSA-847261	Trust: 3.0
db:	JVN	id:	JVNVU97514209	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-004924	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-20334	Trust: 0.7
db:	ZDI	id:	ZDI-23-327	Trust: 0.7
db:	CNVD	id:	CNVD-2023-18932	Trust: 0.6
db:	CNNVD	id:	CNNVD-202303-1088	Trust: 0.6

sources: ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932 // JVNDB: JVNDB-2023-004924 // CNNVD: CNNVD-202303-1088 // NVD: CVE-2023-27402

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf	Trust: 3.7
url:	https://jvn.jp/vu/jvnvu97514209/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27402	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-27402/	Trust: 0.6

sources: ZDI: ZDI-23-327 // CNVD: CNVD-2023-18932 // JVNDB: JVNDB-2023-004924 // CNNVD: CNNVD-202303-1088 // NVD: CVE-2023-27402

CREDITS

Dennis Herrmann (@dhn_)

Trust: 0.7

sources: ZDI: ZDI-23-327

SOURCES

db:	ZDI	id:	ZDI-23-327
db:	CNVD	id:	CNVD-2023-18932
db:	JVNDB	id:	JVNDB-2023-004924
db:	CNNVD	id:	CNNVD-202303-1088
db:	NVD	id:	CVE-2023-27402

LAST UPDATE DATE

2024-08-14T12:18:06.170000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-327	date:	2023-03-16T00:00:00
db:	CNVD	id:	CNVD-2023-18932	date:	2023-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2023-004924	date:	2023-11-02T07:30:00
db:	CNNVD	id:	CNNVD-202303-1088	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2023-27402	date:	2023-03-16T19:01:28.430

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-327	date:	2023-03-16T00:00:00
db:	CNVD	id:	CNVD-2023-18932	date:	2023-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2023-004924	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202303-1088	date:	2023-03-14T00:00:00
db:	NVD	id:	CVE-2023-27402	date:	2023-03-14T10:15:29.240