ID

VAR-202311-0458


CVE

CVE-2023-46097


TITLE

SQL injection vulnerability in Siemens' SIMATIC PCS neo

Trust: 0.8

sources: JVNDB: JVNDB-2023-017480

DESCRIPTION

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user-provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database. Siemens' SIMATIC PCS neo contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SIMATIC PCS neo is a distributed control system (DCS).

Trust: 2.16

sources: NVD: CVE-2023-46097 // JVNDB: JVNDB-2023-017480 // CNVD: CNVD-2023-86337

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-86337

AFFECTED PRODUCTS

vendor: siemens, model: simatic pcs neo, scope: lt, version: 4.1

Trust: 1.6

vendor: シーメンス, model: simatic pcs neo, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: simatic pcs neo, scope: eq, version: 4.1

Trust: 0.8

vendor: シーメンス, model: simatic pcs neo, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2023-86337 // JVNDB: JVNDB-2023-017480 // NVD: CVE-2023-46097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46097
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-46097
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-46097
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-86337
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-86337
severity: MEDIUM
baseScore: 6.2
vectorString: AV:A/AC:L/AU:S/C:N/I:C/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46097
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-46097
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-46097
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-86337 // JVNDB: JVNDB-2023-017480 // NVD: CVE-2023-46097 // NVD: CVE-2023-46097

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-017480 // NVD: CVE-2023-46097

PATCH

title: Patch for Siemens SIMATIC PCS neo SQL injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/481896

Trust: 0.6

sources: CNVD: CNVD-2023-86337

EXTERNAL IDS

db: NVD, id: CVE-2023-46097

Trust: 3.2

db: SIEMENS, id: SSA-456933

Trust: 2.4

db: ICS CERT, id: ICSA-23-320-06

Trust: 0.8

db: JVN, id: JVNVU92598492

Trust: 0.8

db: JVNDB, id: JVNDB-2023-017480

Trust: 0.8

db: CNVD, id: CNVD-2023-86337

Trust: 0.6

sources: CNVD: CNVD-2023-86337 // JVNDB: JVNDB-2023-017480 // NVD: CVE-2023-46097

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf

Trust: 1.8

url: https://jvn.jp/vu/jvnvu92598492/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-46097

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-06

Trust: 0.8

url: https://cert-portal.siemens.com/productcert/html/ssa-456933.html

Trust: 0.6

sources: CNVD: CNVD-2023-86337 // JVNDB: JVNDB-2023-017480 // NVD: CVE-2023-46097

SOURCES

db: CNVD, id: CNVD-2023-86337
db: JVNDB, id: JVNDB-2023-017480
db: NVD, id: CVE-2023-46097

LAST UPDATE DATE

2024-08-14T13:06:19.557000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-86337, date: 2023-11-15T00:00:00
db: JVNDB, id: JVNDB-2023-017480, date: 2024-01-09T03:18:00
db: NVD, id: CVE-2023-46097, date: 2023-11-20T14:38:29.960

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-86337, date: 2023-11-15T00:00:00
db: JVNDB, id: JVNDB-2023-017480, date: 2024-01-09T00:00:00
db: NVD, id: CVE-2023-46097, date: 2023-11-14T11:15:14.360