Details of VAR-202312-0234

ID

VAR-202312-0234

CVE

CVE-2023-46283

TITLE

Classic buffer overflow vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-019621

DESCRIPTION

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. Opcenter Quality , SIMATIC PCS neo , sinumerik integrate runmyhmi /automotive A classic buffer overflow vulnerability exists in several Siemens products.Service operation interruption (DoS) It may be in a state. Opcenter Quality is a quality management system (QMS) that enables organizations to ensure compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK integrated product suite facilitates simple networking of machine tools in IT in production environments. User Management Component (UMC) is an integrated component that enables system-wide centralized maintenance of users

Trust: 2.16

sources: NVD: CVE-2023-46283 // JVNDB: JVNDB-2023-019621 // CNVD: CNVD-2023-97276

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-97276

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic pcs neo	scope:	lt	version:	4.1	Trust: 1.6
vendor:	siemens	model:	totally integrated automation portal	scope:	lt	version:	17	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	gte	version:	17	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	lt	version:	18	Trust: 1.0
vendor:	siemens	model:	sinumerik integrate runmyhmi \/automotive	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	gte	version:	15	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	18	Trust: 1.0
vendor:	siemens	model:	opcenter quality	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	lt	version:	15	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	lt	version:	16	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	gte	version:	16	Trust: 1.0
vendor:	siemens	model:	totally integrated automation portal	scope:	gte	version:	14.0	Trust: 1.0
vendor:	シーメンス	model:	simatic pcs neo	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	opcenter quality	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	totally integrated automation portal	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinumerik integrate runmyhmi /automotive	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v16	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v17	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v14	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v15.1	Trust: 0.6
vendor:	siemens	model:	opcenter quality	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinumerik integrate runmyhmi /automotive	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal update	scope:	eq	version:	v18<v183	Trust: 0.6

sources: CNVD: CNVD-2023-97276 // JVNDB: JVNDB-2023-019621 // NVD: CVE-2023-46283

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-46283
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-019621
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-97276
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-97276
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-46283
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-019621
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-97276 // JVNDB: JVNDB-2023-019621 // NVD: CVE-2023-46283

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019621 // NVD: CVE-2023-46283

PATCH

title:

Patch for Siemens User Management Component (UMC) classic buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/500451

Trust: 0.6

sources: CNVD: CNVD-2023-97276

EXTERNAL IDS

db:	NVD	id:	CVE-2023-46283	Trust: 3.2
db:	SIEMENS	id:	SSA-999588	Trust: 2.4
db:	JVN	id:	JVNVU98271228	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-348-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-019621	Trust: 0.8
db:	CNVD	id:	CNVD-2023-97276	Trust: 0.6

sources: CNVD: CNVD-2023-97276 // JVNDB: JVNDB-2023-019621 // NVD: CVE-2023-46283

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-999588.html	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu98271228/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-46283	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-03	Trust: 0.8

sources: CNVD: CNVD-2023-97276 // JVNDB: JVNDB-2023-019621 // NVD: CVE-2023-46283

SOURCES

db:	CNVD	id:	CNVD-2023-97276
db:	JVNDB	id:	JVNDB-2023-019621
db:	NVD	id:	CVE-2023-46283

LAST UPDATE DATE

2024-09-10T22:09:16.034000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-97276	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-019621	date:	2024-01-15T02:22:00
db:	NVD	id:	CVE-2023-46283	date:	2024-09-10T10:15:08.353

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-97276	date:	2023-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2023-019621	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-46283	date:	2023-12-12T12:15:14.067