ID

VAR-202310-0249


CVE

CVE-2023-37194


TITLE

Access control vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-014725

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. SIMATIC CP 1604 firmware, SIMATIC CP 1616 firmware, simatic cp 1623 Multiple Siemens products, including firmware, contain vulnerabilities related to access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SIMATIC CP 1623, CP 1626 and CP 1628 are PCI express cards for connecting Industrial Ethernet. SIMATIC CP 1604 and CP 1616 are PCI/PCI-104 cards for connecting field devices to PROFINET Industrial Ethernet. Siemens SIMATIC CP devices have an improper access control vulnerability

Trust: 2.16

sources: NVD: CVE-2023-37194 // JVNDB: JVNDB-2023-014725 // CNVD: CNVD-2023-75576

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-75576

AFFECTED PRODUCTS

vendor:siemensmodel:simatic cp 1623scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic cp 1616scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic cp 1628scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic cp 1626scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic cp 1604scope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:simatic cp 1626scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cp 1616scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cp 1623scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cp 1604scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic cp 1628scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cpscope:eqversion:1604

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1616

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1623

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1626

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1628

Trust: 0.6

sources: CNVD: CNVD-2023-75576 // JVNDB: JVNDB-2023-014725 // NVD: CVE-2023-37194

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-37194
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-014725
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-75576
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-75576
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-37194
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-014725
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-75576 // JVNDB: JVNDB-2023-014725 // NVD: CVE-2023-37194

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-014725 // NVD: CVE-2023-37194

PATCH

title:Patch for Improper Access Control Vulnerability of Siemens SIMATIC CP Devicesurl:https://www.cnvd.org.cn/patchInfo/show/466711

Trust: 0.6

sources: CNVD: CNVD-2023-75576

EXTERNAL IDS

db:NVDid:CVE-2023-37194

Trust: 3.2

db:SIEMENSid:SSA-784849

Trust: 2.4

db:JVNid:JVNVU98753493

Trust: 0.8

db:ICS CERTid:ICSA-23-285-01

Trust: 0.8

db:JVNDBid:JVNDB-2023-014725

Trust: 0.8

db:CNVDid:CNVD-2023-75576

Trust: 0.6

sources: CNVD: CNVD-2023-75576 // JVNDB: JVNDB-2023-014725 // NVD: CVE-2023-37194

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf

Trust: 1.8

url:https://jvn.jp/vu/jvnvu98753493/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-37194

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-01

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-784849.html

Trust: 0.6

sources: CNVD: CNVD-2023-75576 // JVNDB: JVNDB-2023-014725 // NVD: CVE-2023-37194

SOURCES

db:CNVDid:CNVD-2023-75576
db:JVNDBid:JVNDB-2023-014725
db:NVDid:CVE-2023-37194

LAST UPDATE DATE

2024-08-14T13:19:43.499000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-75576date:2023-10-11T00:00:00
db:JVNDBid:JVNDB-2023-014725date:2023-12-25T06:04:00
db:NVDid:CVE-2023-37194date:2023-10-16T18:28:22.733

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-75576date:2023-10-13T00:00:00
db:JVNDBid:JVNDB-2023-014725date:2023-12-25T00:00:00
db:NVDid:CVE-2023-37194date:2023-10-10T11:15:11.903