ID

VAR-202312-0235


CVE

CVE-2023-46281


TITLE

Overly permissive cross-domain whitelisting vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-019623

DESCRIPTION

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. Opcenter Quality , SIMATIC PCS neo , sinumerik integrate runmyhmi /automotive Multiple Siemens products are vulnerable to overly permissive cross-domain whitelisting.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Opcenter Quality is a quality management system (QMS) that enables organizations to ensure compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK integrated product suite facilitates simple networking of machine tools in IT in production environments. User Management Component (UMC) is an integrated component that enables system-wide centralized maintenance of users

Trust: 2.16

sources: NVD: CVE-2023-46281 // JVNDB: JVNDB-2023-019623 // CNVD: CNVD-2023-97278

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-97278

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs neoscope:ltversion:4.1

Trust: 1.6

vendor:siemensmodel:totally integrated automation portalscope:ltversion:17

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:15

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:18

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:eqversion:18

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:17

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:15

Trust: 1.0

vendor:siemensmodel:opcenter qualityscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:16

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:16

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:sinumerik integrate runmyhmi \/automotivescope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:simatic pcs neoscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:opcenter qualityscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:totally integrated automation portalscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinumerik integrate runmyhmi /automotivescope: - version: -

Trust: 0.8

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v16

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v14

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v15.1

Trust: 0.6

vendor:siemensmodel:opcenter qualityscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinumerik integrate runmyhmi /automotivescope: - version: -

Trust: 0.6

vendor:siemensmodel:totally integrated automation portal updatescope:eqversion:v18<v183

Trust: 0.6

sources: CNVD: CNVD-2023-97278 // JVNDB: JVNDB-2023-019623 // NVD: CVE-2023-46281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46281
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-46281
value: HIGH

Trust: 1.0

NVD: CVE-2023-46281
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-97278
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-97278
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-46281
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-46281
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2023-46281
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-97278 // JVNDB: JVNDB-2023-019623 // NVD: CVE-2023-46281 // NVD: CVE-2023-46281

PROBLEMTYPE DATA

problemtype:CWE-942

Trust: 1.0

problemtype:Overly permissive cross-domain whitelisting (CWE-942) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019623 // NVD: CVE-2023-46281

PATCH

title:Patch for Siemens User Management Component (UMC) has an unspecified vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/500431

Trust: 0.6

sources: CNVD: CNVD-2023-97278

EXTERNAL IDS

db:NVDid:CVE-2023-46281

Trust: 3.2

db:SIEMENSid:SSA-999588

Trust: 2.4

db:JVNid:JVNVU98271228

Trust: 0.8

db:ICS CERTid:ICSA-23-348-03

Trust: 0.8

db:JVNDBid:JVNDB-2023-019623

Trust: 0.8

db:CNVDid:CNVD-2023-97278

Trust: 0.6

sources: CNVD: CNVD-2023-97278 // JVNDB: JVNDB-2023-019623 // NVD: CVE-2023-46281

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-46281

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-03

Trust: 0.8

sources: CNVD: CNVD-2023-97278 // JVNDB: JVNDB-2023-019623 // NVD: CVE-2023-46281

SOURCES

db:CNVDid:CNVD-2023-97278
db:JVNDBid:JVNDB-2023-019623
db:NVDid:CVE-2023-46281

LAST UPDATE DATE

2024-10-08T23:01:26.373000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-97278date:2023-12-13T00:00:00
db:JVNDBid:JVNDB-2023-019623date:2024-01-15T02:22:00
db:NVDid:CVE-2023-46281date:2024-10-08T09:15:09.133

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-97278date:2023-12-15T00:00:00
db:JVNDBid:JVNDB-2023-019623date:2024-01-15T00:00:00
db:NVDid:CVE-2023-46281date:2023-12-12T12:15:13.653