ID

VAR-202304-0737


CVE

CVE-2023-28766


TITLE

in multiple Siemens products  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-006553

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. siprotec 5 6md85 firmware, SIPROTEC 5 6MD86 firmware, SIPROTEC 5 6MD89 Several Siemens products, such as firmware, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-28766 // JVNDB: JVNDB-2023-006553

AFFECTED PRODUCTS

vendor:siemensmodel:siprotec 5 7sl82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd84scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7vk87scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd87scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa87scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl87scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ke85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj81scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa84scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sx82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 6mu85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7vu85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sx85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut87scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7st85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ss85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj81scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7vk87scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethbb2foscope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd87scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7st86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa87scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa82scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl87scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ve85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethba2elscope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ke85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj86scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut87scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 compact 7sx800scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7um85scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut86scope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ss85scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut82scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethbd2foscope:ltversion:9.40

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md89scope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:siprotec 5 7sd82scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md89scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6mu85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa82scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa87scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd87scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7ke85scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // NVD: CVE-2023-28766

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-28766
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-006553
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202304-720
value: HIGH

Trust: 0.6

productcert@siemens.com: CVE-2023-28766
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-006553
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // NVD: CVE-2023-28766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

PATCH

title:Siemens SIPROTEC 5 Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=233073

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

EXTERNAL IDS

db:NVDid:CVE-2023-28766

Trust: 3.2

db:SIEMENSid:SSA-322980

Trust: 2.4

db:ICS CERTid:ICSA-23-103-06

Trust: 0.8

db:JVNid:JVNVU94715153

Trust: 0.8

db:JVNDBid:JVNDB-2023-006553

Trust: 0.8

db:AUSCERTid:ESB-2023.2156

Trust: 0.6

db:CNNVDid:CNNVD-202304-720

Trust: 0.6

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/html/ssa-322980.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu94715153/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28766

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-06

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-28766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2156

Trust: 0.6

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

SOURCES

db:JVNDBid:JVNDB-2023-006553
db:CNNVDid:CNNVD-202304-720
db:NVDid:CVE-2023-28766

LAST UPDATE DATE

2024-08-14T13:18:12.204000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-006553date:2023-11-15T05:35:00
db:CNNVDid:CNNVD-202304-720date:2023-05-10T00:00:00
db:NVDid:CVE-2023-28766date:2024-05-14T16:15:30.030

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-006553date:2023-11-15T00:00:00
db:CNNVDid:CNNVD-202304-720date:2023-04-11T00:00:00
db:NVDid:CVE-2023-28766date:2023-04-11T10:15:18.337