ID

VAR-202312-0236


CVE

CVE-2023-46284


TITLE

Out-of-bounds write vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-019620

DESCRIPTION

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. Opcenter Quality , SIMATIC PCS neo , sinumerik integrate runmyhmi /automotive Several Siemens products contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Opcenter Quality is a quality management system (QMS) that enables organizations to ensure compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK integrated product suite facilitates simple networking of machine tools in IT in production environments. User Management Component (UMC) is an integrated component that enables system-wide centralized maintenance of users. A classic buffer overflow vulnerability exists in the Siemens User Management Component (UMC)

Trust: 2.16

sources: NVD: CVE-2023-46284 // JVNDB: JVNDB-2023-019620 // CNVD: CNVD-2023-97275

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-97275

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs neoscope:ltversion:4.1

Trust: 1.6

vendor:siemensmodel:totally integrated automation portalscope:ltversion:17

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:15

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:18

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:eqversion:18

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:17

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:15

Trust: 1.0

vendor:siemensmodel:opcenter qualityscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:ltversion:16

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:16

Trust: 1.0

vendor:siemensmodel:totally integrated automation portalscope:gteversion:14.0

Trust: 1.0

vendor:siemensmodel:sinumerik integrate runmyhmi \/automotivescope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:simatic pcs neoscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:opcenter qualityscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:totally integrated automation portalscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinumerik integrate runmyhmi /automotivescope: - version: -

Trust: 0.8

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v16

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v14

Trust: 0.6

vendor:siemensmodel:opcenter qualityscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinumerik integrate runmyhmi /automotivescope: - version: -

Trust: 0.6

vendor:siemensmodel:totally integrated automation portal updatescope:eqversion:v18<v183

Trust: 0.6

sources: CNVD: CNVD-2023-97275 // JVNDB: JVNDB-2023-019620 // NVD: CVE-2023-46284

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-46284
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-019620
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-97275
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-97275
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-46284
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-019620
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-97275 // JVNDB: JVNDB-2023-019620 // NVD: CVE-2023-46284

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019620 // NVD: CVE-2023-46284

PATCH

title:Patch for Siemens User Management Component (UMC) classic buffer overflow vulnerability (CNVD-2023-97275)url:https://www.cnvd.org.cn/patchInfo/show/500456

Trust: 0.6

sources: CNVD: CNVD-2023-97275

EXTERNAL IDS

db:NVDid:CVE-2023-46284

Trust: 3.2

db:SIEMENSid:SSA-999588

Trust: 2.4

db:JVNid:JVNVU98271228

Trust: 0.8

db:ICS CERTid:ICSA-23-348-03

Trust: 0.8

db:JVNDBid:JVNDB-2023-019620

Trust: 0.8

db:CNVDid:CNVD-2023-97275

Trust: 0.6

sources: CNVD: CNVD-2023-97275 // JVNDB: JVNDB-2023-019620 // NVD: CVE-2023-46284

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-46284

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-03

Trust: 0.8

sources: CNVD: CNVD-2023-97275 // JVNDB: JVNDB-2023-019620 // NVD: CVE-2023-46284

SOURCES

db:CNVDid:CNVD-2023-97275
db:JVNDBid:JVNDB-2023-019620
db:NVDid:CVE-2023-46284

LAST UPDATE DATE

2024-10-08T20:06:28.239000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-97275date:2023-12-13T00:00:00
db:JVNDBid:JVNDB-2023-019620date:2024-01-15T02:22:00
db:NVDid:CVE-2023-46284date:2024-10-08T09:15:09.700

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-97275date:2023-12-15T00:00:00
db:JVNDBid:JVNDB-2023-019620date:2024-01-15T00:00:00
db:NVDid:CVE-2023-46284date:2023-12-12T12:15:14.273