ID

VAR-202309-0636


CVE

CVE-2023-28831


TITLE

Integer overflow vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-012685

DESCRIPTION

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. simatic cloud connect 7 cc712 firmware, simatic cloud connect 7 cc716 firmware, SIMATIC Drive Controller CPU 1504D TF Multiple Siemens products, including firmware, contain an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state. SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices to interface with OPC UA servers as OPC UA clients. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functions of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control. The SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller and includes optional visualization combined with central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 ODK CPUs offer the functionality of a standard S7-1500 CPU, but also offer the possibility to run C/C++ code within the CPU runtime to execute your own functions/algorithms implemented in C/C++. They are designed for discrete and continuous control in industrial environments such as the manufacturing, food and beverage, and chemical industries around the world. SIMATIC S7-1500 Software Controller is the SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. Siemens SIMATIC product ANSI C OPC UA SDK has a denial of service vulnerability

Trust: 2.25

sources: NVD: CVE-2023-28831 // JVNDB: JVNDB-2023-012685 // CNVD: CNVD-2023-69803 // VULMON: CVE-2023-28831

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-69803

AFFECTED PRODUCTS

vendor:siemensmodel:siplus s7-1500 cpu pnscope:eqversion:1511-1<v2.9.7

Trust: 1.8

vendor:siemensmodel:simatic s7-1500 cpu pnscope:eqversion:1511-1<v2.9.7

Trust: 1.2

vendor:siemensmodel:simatic s7-1500 cpu 1511c-1 pnscope:ltversion:v2.9.7

Trust: 1.2

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1 pnscope:ltversion:v2.9.7

Trust: 1.2

vendor:siemensmodel:siplus s7-1500 cpu 1516f-3 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1511-1 pn tx railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512c-1 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpuscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1518hf-4 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1516-3 pn\/dp railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1511f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510sp f-1 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1513f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1513-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518hf-4 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu s7-1518-4 pn\/dp odkscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518t-4 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1510sp-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1511-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516t-3 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1514spt f-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1511-1 pn t1 railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic cloud connect 7 cc716scope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic et 200sp open controller cpuscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516tf-3 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515tf-2 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1512sp f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515r-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518tf-4 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1515r-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1514spt-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512sp f-1 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1516-3 pn\/dp tx railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511tf-1 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1516-3 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic cloud connect 7 cc712scope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dpscope:ltversion:21.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dp mfpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1516f-3 pn\/dp railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1510sp f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513r-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1515f-2 pn railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1 pnscope:ltversion:21.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517tf-3 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1515r-2 pn tx railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 software controllerscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1514sp-2 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1512sp f-1 pn railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic drive controller cpu 1504d tfscope:ltversion:2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511c-1 pnscope:ltversion:30.0.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1517h-3 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 et 200proscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1515f-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu s7-1518f-4 pn\/dp odkscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517t-3 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1518f-4 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515t-2 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4 pn\/dp mfpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic drive controller cpu 1507d tfscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-plcsim advancedscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1518-4 pn\/dp mfpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1515f-2 pn t2 railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1510sp-1 pn railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512sp-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus s7-1500 cpu 1518-4 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1512sp-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1510sp f-1 pn railscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2 pnscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517h-3 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4 pn\/dpscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1514sp f-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2 pnscope:ltversion:2.9.7

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3 pn\/dpscope:ltversion:3.0.3

Trust: 1.0

vendor:siemensmodel:siplus et 200sp cpu 1512sp-1 pn railscope:ltversion:2.9.7

Trust: 1.0

vendor:シーメンスmodel:simatic s7-1500 cpu 1510sp f-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7 1500 cpu 1513-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1514sp-2 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1511f-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1512sp-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1513r-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic et 200sp open controller cpuscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1200 cpuscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1510sp-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1513f-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cloud connect 7 cc712scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1512sp f-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1511-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1511tf-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cloud connect 7 cc716scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1511c-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic drive controller cpu 1504d tfscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic drive controller cpu 1507d tfscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1511t-1 pnscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic s7-1500 cpu 1512c-1 pnscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-plcsim advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1200 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cloud connect cc712scope:eqversion:7<v2.2

Trust: 0.6

vendor:siemensmodel:simatic cloud connect cc716scope:eqversion:7<v2.2

Trust: 0.6

vendor:siemensmodel:simatic drive controller cpu 1504d tfscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:simatic drive controller cpu 1504d tfscope:gteversion:v3.0.1,<v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic drive controller cpu 1507d tfscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:simatic drive controller cpu 1507d tfscope:gteversion:v3.0.1,<v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope:ltversion:v21.9.7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1510sp f-1 pnscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1510sp f-1 pnscope:ltversion:v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1 pnscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1510sp-1 pnscope:ltversion:v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu pnscope:eqversion:1511-1<v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1 pnscope:ltversion:v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1 pnscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu 1511t-1 pnscope:ltversion:v3.0.3

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion:v2<v21.9.7

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope:eqversion:v3

Trust: 0.6

vendor:siemensmodel:siplus et 200sp cpu 1510sp f-1 pnscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:siplus et 200sp cpu 1510sp f-1 pn railscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:siplus et 200sp cpu 1510sp-1 pnscope:ltversion:v2.9.7

Trust: 0.6

vendor:siemensmodel:siplus s7-1500 cpu 1518hf-4 pnscope:ltversion:v3.0.3

Trust: 0.6

sources: CNVD: CNVD-2023-69803 // JVNDB: JVNDB-2023-012685 // NVD: CVE-2023-28831

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-28831
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-012685
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-69803
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-69803
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-28831
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-012685
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-69803 // JVNDB: JVNDB-2023-012685 // NVD: CVE-2023-28831

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-012685 // NVD: CVE-2023-28831

PATCH

title:Patch for Siemens SIMATIC product ANSI C OPC UA SDK denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/460891

Trust: 0.6

sources: CNVD: CNVD-2023-69803

EXTERNAL IDS

db:NVDid:CVE-2023-28831

Trust: 3.3

db:SIEMENSid:SSA-711309

Trust: 2.5

db:SIEMENSid:SSA-118850

Trust: 1.8

db:JVNid:JVNVU98271228

Trust: 0.8

db:JVNid:JVNVU98137233

Trust: 0.8

db:ICS CERTid:ICSA-23-257-01

Trust: 0.8

db:ICS CERTid:ICSA-23-348-06

Trust: 0.8

db:JVNDBid:JVNDB-2023-012685

Trust: 0.8

db:CNVDid:CNVD-2023-69803

Trust: 0.6

db:VULMONid:CVE-2023-28831

Trust: 0.1

sources: CNVD: CNVD-2023-69803 // VULMON: CVE-2023-28831 // JVNDB: JVNDB-2023-012685 // NVD: CVE-2023-28831

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-711309.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-118850.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu98137233/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28831

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-06

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-69803 // VULMON: CVE-2023-28831 // JVNDB: JVNDB-2023-012685 // NVD: CVE-2023-28831

SOURCES

db:CNVDid:CNVD-2023-69803
db:VULMONid:CVE-2023-28831
db:JVNDBid:JVNDB-2023-012685
db:NVDid:CVE-2023-28831

LAST UPDATE DATE

2024-08-14T12:54:16.917000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-69803date:2023-09-15T00:00:00
db:VULMONid:CVE-2023-28831date:2023-09-12T00:00:00
db:JVNDBid:JVNDB-2023-012685date:2023-12-18T07:19:00
db:NVDid:CVE-2023-28831date:2024-02-13T09:15:43.637

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-69803date:2023-09-14T00:00:00
db:VULMONid:CVE-2023-28831date:2023-09-12T00:00:00
db:JVNDBid:JVNDB-2023-012685date:2023-12-18T00:00:00
db:NVDid:CVE-2023-28831date:2023-09-12T10:15:27.230