Details of VAR-202304-0737

ID

VAR-202304-0737

CVE

CVE-2023-28766

TITLE

in multiple Siemens products NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-006553

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. siprotec 5 6md85 firmware, SIPROTEC 5 6MD86 firmware, SIPROTEC 5 6MD89 Several Siemens products, such as firmware, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-28766 // JVNDB: JVNDB-2023-006553

AFFECTED PRODUCTS

vendor:	siemens	model:	siprotec 5 7sl82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd84	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7vk87	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd87	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa87	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl87	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ke85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj81	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa84	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sx82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6mu85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7vu85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sx85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut87	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7st85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ss85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj81	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7vk87	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethbb2fo	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd87	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7st86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa87	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa82	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl87	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ve85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethba2el	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ke85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj86	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut87	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 compact 7sx800	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7um85	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut86	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ss85	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut82	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethbd2fo	scope:	lt	version:	9.40	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md89	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	siprotec 5 7sd82	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6md86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6md89	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6mu85	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa82	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa87	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sd86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sd87	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6md85	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7ke85	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // NVD: CVE-2023-28766

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-28766
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-006553
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202304-720
value:	HIGH
Trust: 0.6

productcert@siemens.com:	CVE-2023-28766
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-006553
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-006553 // NVD: CVE-2023-28766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

PATCH

title:

Siemens SIPROTEC 5 Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=233073

Trust: 0.6

sources: CNNVD: CNNVD-202304-720

EXTERNAL IDS

db:	NVD	id:	CVE-2023-28766	Trust: 3.2
db:	SIEMENS	id:	SSA-322980	Trust: 2.4
db:	ICS CERT	id:	ICSA-23-103-06	Trust: 0.8
db:	JVN	id:	JVNVU94715153	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-006553	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.2156	Trust: 0.6
db:	CNNVD	id:	CNNVD-202304-720	Trust: 0.6

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/html/ssa-322980.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu94715153/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-28766	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-06	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-28766/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.2156	Trust: 0.6

sources: JVNDB: JVNDB-2023-006553 // CNNVD: CNNVD-202304-720 // NVD: CVE-2023-28766

SOURCES

db:	JVNDB	id:	JVNDB-2023-006553
db:	CNNVD	id:	CNNVD-202304-720
db:	NVD	id:	CVE-2023-28766

LAST UPDATE DATE

2024-08-14T13:18:12.204000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-006553	date:	2023-11-15T05:35:00
db:	CNNVD	id:	CNNVD-202304-720	date:	2023-05-10T00:00:00
db:	NVD	id:	CVE-2023-28766	date:	2024-05-14T16:15:30.030

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-006553	date:	2023-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202304-720	date:	2023-04-11T00:00:00
db:	NVD	id:	CVE-2023-28766	date:	2023-04-11T10:15:18.337