ID

VAR-202306-0965


CVE

CVE-2023-30897


TITLE

Siemens SIMATIC WinCC Native Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-48549

DESCRIPTION

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system

Trust: 1.53

sources: NVD: CVE-2023-30897 // CNVD: CNVD-2023-48549 // VULMON: CVE-2023-30897

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-48549

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:ltversion:7.5.2.13

Trust: 1.0

vendor:siemensmodel:simatic winccscope:ltversion:7.5.2.13

Trust: 0.6

sources: CNVD: CNVD-2023-48549 // NVD: CVE-2023-30897

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-30897
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-30897
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-48549
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202306-880
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-48549
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-30897
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2023-48549 // CNNVD: CNNVD-202306-880 // NVD: CVE-2023-30897 // NVD: CVE-2023-30897

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

sources: NVD: CVE-2023-30897

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-880

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-880

PATCH

title:Patch for Siemens SIMATIC WinCC Native Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/433506

Trust: 0.6

title:Siemens SIMATIC WinCC Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=243027

Trust: 0.6

sources: CNVD: CNVD-2023-48549 // CNNVD: CNNVD-202306-880

EXTERNAL IDS

db:NVDid:CVE-2023-30897

Trust: 2.3

db:SIEMENSid:SSA-914026

Trust: 2.3

db:CNVDid:CNVD-2023-48549

Trust: 0.6

db:CNNVDid:CNNVD-202306-880

Trust: 0.6

db:VULMONid:CVE-2023-30897

Trust: 0.1

sources: CNVD: CNVD-2023-48549 // VULMON: CVE-2023-30897 // CNNVD: CNNVD-202306-880 // NVD: CVE-2023-30897

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/html/ssa-914026.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-30897/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-48549 // VULMON: CVE-2023-30897 // CNNVD: CNNVD-202306-880 // NVD: CVE-2023-30897

SOURCES

db:CNVDid:CNVD-2023-48549
db:VULMONid:CVE-2023-30897
db:CNNVDid:CNNVD-202306-880
db:NVDid:CVE-2023-30897

LAST UPDATE DATE

2024-08-14T15:26:35.146000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-48549date:2023-06-14T00:00:00
db:VULMONid:CVE-2023-30897date:2023-06-13T00:00:00
db:CNNVDid:CNNVD-202306-880date:2023-06-27T00:00:00
db:NVDid:CVE-2023-30897date:2023-06-26T17:41:04.607

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-48549date:2023-06-14T00:00:00
db:VULMONid:CVE-2023-30897date:2023-06-13T00:00:00
db:CNNVDid:CNNVD-202306-880date:2023-06-13T00:00:00
db:NVDid:CVE-2023-30897date:2023-06-13T09:15:17.703