ID

VAR-202307-0641


CVE

CVE-2023-29130


TITLE

Siemens'  simatic cn 4100  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-021882

DESCRIPTION

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. Siemens' simatic cn 4100 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SIMATIC CN 4100 is a communication node of Siemens (Siemens) in Germany

Trust: 2.25

sources: NVD: CVE-2023-29130 // JVNDB: JVNDB-2023-021882 // CNVD: CNVD-2023-60605 // VULMON: CVE-2023-29130

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-60605

AFFECTED PRODUCTS

vendor:siemensmodel:simatic cn 4100scope:ltversion:2.5

Trust: 1.0

vendor:シーメンスmodel:simatic cn 4100scope:eqversion:2.5

Trust: 0.8

vendor:シーメンスmodel:simatic cn 4100scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cn 4100scope:eqversion: -

Trust: 0.8

vendor:siemensmodel:simatic cnscope:eqversion:4100<v2.5

Trust: 0.6

sources: CNVD: CNVD-2023-60605 // JVNDB: JVNDB-2023-021882 // NVD: CVE-2023-29130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-29130
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2023-29130
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-29130
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-60605
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202307-747
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2023-60605
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-29130
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-29130
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-29130
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-60605 // JVNDB: JVNDB-2023-021882 // CNNVD: CNNVD-202307-747 // NVD: CVE-2023-29130 // NVD: CVE-2023-29130

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021882 // NVD: CVE-2023-29130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-747

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-747

PATCH

title:Patch for Siemens SIMATIC CN 4100 Improper Access Control Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/449026

Trust: 0.6

title:Siemens SIMATIC CN 4100 Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=246667

Trust: 0.6

sources: CNVD: CNVD-2023-60605 // CNNVD: CNNVD-202307-747

EXTERNAL IDS

db:NVDid:CVE-2023-29130

Trust: 3.9

db:SIEMENSid:SSA-313488

Trust: 3.1

db:ICS CERTid:ICSA-23-194-03

Trust: 0.8

db:JVNid:JVNVU95292697

Trust: 0.8

db:JVNDBid:JVNDB-2023-021882

Trust: 0.8

db:CNVDid:CNVD-2023-60605

Trust: 0.6

db:CNNVDid:CNNVD-202307-747

Trust: 0.6

db:VULMONid:CVE-2023-29130

Trust: 0.1

sources: CNVD: CNVD-2023-60605 // VULMON: CVE-2023-29130 // JVNDB: JVNDB-2023-021882 // CNNVD: CNNVD-202307-747 // NVD: CVE-2023-29130

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu95292697/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-29130

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-03

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-313488.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-29130/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-60605 // VULMON: CVE-2023-29130 // JVNDB: JVNDB-2023-021882 // CNNVD: CNNVD-202307-747 // NVD: CVE-2023-29130

SOURCES

db:CNVDid:CNVD-2023-60605
db:VULMONid:CVE-2023-29130
db:JVNDBid:JVNDB-2023-021882
db:CNNVDid:CNNVD-202307-747
db:NVDid:CVE-2023-29130

LAST UPDATE DATE

2024-08-14T12:29:28.575000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-60605date:2023-08-02T00:00:00
db:VULMONid:CVE-2023-29130date:2023-07-11T00:00:00
db:JVNDBid:JVNDB-2023-021882date:2024-01-19T08:13:00
db:CNNVDid:CNNVD-202307-747date:2023-07-19T00:00:00
db:NVDid:CVE-2023-29130date:2023-07-18T15:53:09.663

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-60605date:2023-08-02T00:00:00
db:VULMONid:CVE-2023-29130date:2023-07-11T00:00:00
db:JVNDBid:JVNDB-2023-021882date:2024-01-19T00:00:00
db:CNNVDid:CNNVD-202307-747date:2023-07-11T00:00:00
db:NVDid:CVE-2023-29130date:2023-07-11T10:15:10.407