ID

VAR-202309-0571


CVE

CVE-2023-41846


TITLE

Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-71231

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens Tecnomatix Plant Simulation is a piece of industrial control equipment from the German company Siemens. It uses discrete event simulation to conduct production volume analysis and optimization, thereby improving manufacturing system performance.

Trust: 1.53

sources: NVD: CVE-2023-41846 // CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-71231

AFFECTED PRODUCTS

vendor: siemens, model: tecnomatix, scope: lt, version: 2201.0008

Trust: 1.0

vendor: siemens, model: tecnomatix, scope: gte, version: 2201

Trust: 1.0

vendor: siemens, model: tecnomatix, scope: gte, version: 2302

Trust: 1.0

vendor: siemens, model: tecnomatix, scope: lt, version: 2302.0002

Trust: 1.0

vendor: siemens, model: tecnomatix plant simulation, scope: eq, version: v2201<v2201.0008

Trust: 0.6

vendor: siemens, model: tecnomatix plant simulation, scope: eq, version: v2302<v2302.0002

Trust: 0.6

sources: CNVD: CNVD-2023-71231 // NVD: CVE-2023-41846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41846
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-41846
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-71231
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-71231
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-41846
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2023-71231 // NVD: CVE-2023-41846 // NVD: CVE-2023-41846

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2023-41846

PATCH

title: Patch for Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/463426

Trust: 0.6

sources: CNVD: CNVD-2023-71231

EXTERNAL IDS

db: NVD, id: CVE-2023-41846

Trust: 1.7

db: SIEMENS, id: SSA-764801

Trust: 1.7

db: CNVD, id: CNVD-2023-71231

Trust: 0.6

db: VULMON, id: CVE-2023-41846

Trust: 0.1

sources: CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846 // NVD: CVE-2023-41846

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf

Trust: 1.7

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-71231 // VULMON: CVE-2023-41846 // NVD: CVE-2023-41846

SOURCES

db: CNVD, id: CNVD-2023-71231
db: VULMON, id: CVE-2023-41846
db: NVD, id: CVE-2023-41846

LAST UPDATE DATE

2024-08-14T12:29:54.393000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-71231, date: 2023-09-21T00:00:00
db: VULMON, id: CVE-2023-41846, date: 2023-09-12T00:00:00
db: NVD, id: CVE-2023-41846, date: 2023-09-14T18:00:49.853

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-71231, date: 2023-09-22T00:00:00
db: VULMON, id: CVE-2023-41846, date: 2023-09-12T00:00:00
db: NVD, id: CVE-2023-41846, date: 2023-09-12T10:15:29.880