Details of VAR-202309-0571

ID

VAR-202309-0571

CVE

CVE-2023-41846

TITLE

Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-71231

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens Company. It uses discrete event simulation to conduct production volume analysis and optimization, thereby improving manufacturing system performance

Trust: 1.53

sources: NVD: CVE-2023-41846 // CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-71231

AFFECTED PRODUCTS

vendor:	siemens	model:	tecnomatix	scope:	lt	version:	2201.0008	Trust: 1.0
vendor:	siemens	model:	tecnomatix	scope:	gte	version:	2201	Trust: 1.0
vendor:	siemens	model:	tecnomatix	scope:	gte	version:	2302	Trust: 1.0
vendor:	siemens	model:	tecnomatix	scope:	lt	version:	2302.0002	Trust: 1.0
vendor:	siemens	model:	tecnomatix plant simulation	scope:	eq	version:	v2201<v2201.0008	Trust: 0.6
vendor:	siemens	model:	tecnomatix plant simulation	scope:	eq	version:	v2302<v2302.0002	Trust: 0.6

sources: CNVD: CNVD-2023-71231 // NVD: CVE-2023-41846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-41846
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2023-41846
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2023-71231
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-71231
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-41846
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2023-71231 // NVD: CVE-2023-41846 // NVD: CVE-2023-41846

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2023-41846

PATCH

title:

Patch for Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/463426

Trust: 0.6

sources: CNVD: CNVD-2023-71231

EXTERNAL IDS

db:	NVD	id:	CVE-2023-41846	Trust: 1.7
db:	SIEMENS	id:	SSA-764801	Trust: 1.7
db:	CNVD	id:	CNVD-2023-71231	Trust: 0.6
db:	VULMON	id:	CVE-2023-41846	Trust: 0.1

sources: CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846 // NVD: CVE-2023-41846

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846 // NVD: CVE-2023-41846

SOURCES

db:	CNVD	id:	CNVD-2023-71231
db:	VULMON	id:	CVE-2023-41846
db:	NVD	id:	CVE-2023-41846

LAST UPDATE DATE

2024-08-14T12:29:54.393000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-71231	date:	2023-09-21T00:00:00
db:	VULMON	id:	CVE-2023-41846	date:	2023-09-12T00:00:00
db:	NVD	id:	CVE-2023-41846	date:	2023-09-14T18:00:49.853

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-71231	date:	2023-09-22T00:00:00
db:	VULMON	id:	CVE-2023-41846	date:	2023-09-12T00:00:00
db:	NVD	id:	CVE-2023-41846	date:	2023-09-12T10:15:29.880