ID

VAR-202312-0238


CVE

CVE-2023-46285


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-019619

DESCRIPTION

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. Unspecified vulnerabilities exist in multiple Siemens products, including Opcenter Quality, SIMATIC PCS neo, and SINUMERIK Integrate RunMyHMI /Automotive. The service may be put into an interrupted (DoS) state. Opcenter Quality is a quality management system (QMS) that enables organizations to ensure compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK Integrate product suite facilitates simple networking of machine tools into IT in production environments. User Management Component (UMC) is an integrated component that enables system-wide centralized maintenance of users. There is an improper input validation vulnerability in Siemens User Management Component (UMC).

Trust: 2.16

sources: NVD: CVE-2023-46285 // JVNDB: JVNDB-2023-019619 // CNVD: CNVD-2023-97279

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-97279

AFFECTED PRODUCTS

vendor: siemens, model: simatic pcs neo, scope: lt, version: 4.1

Trust: 1.6

vendor: siemens, model: totally integrated automation portal, scope: lt, version: 17

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: gte, version: 17

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: lt, version: 18

Trust: 1.0

vendor: siemens, model: sinumerik integrate runmyhmi /automotive, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: gte, version: 15

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: eq, version: 18

Trust: 1.0

vendor: siemens, model: opcenter quality, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: lt, version: 15

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: lt, version: 16

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: gte, version: 16

Trust: 1.0

vendor: siemens, model: totally integrated automation portal, scope: gte, version: 14.0

Trust: 1.0

vendor: シーメンス, model: simatic pcs neo, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: opcenter quality, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: totally integrated automation portal, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinumerik integrate runmyhmi /automotive, scope: -, version: -

Trust: 0.8

vendor: siemens, model: totally integrated automation portal, scope: eq, version: v16

Trust: 0.6

vendor: siemens, model: totally integrated automation portal, scope: eq, version: v17

Trust: 0.6

vendor: siemens, model: totally integrated automation portal, scope: eq, version: v14

Trust: 0.6

vendor: siemens, model: opcenter quality, scope: -, version: -

Trust: 0.6

vendor: siemens, model: sinumerik integrate runmyhmi /automotive, scope: -, version: -

Trust: 0.6

vendor: siemens, model: totally integrated automation portal update, scope: eq, version: v18<v183

Trust: 0.6

sources: CNVD: CNVD-2023-97279 // JVNDB: JVNDB-2023-019619 // NVD: CVE-2023-46285

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-46285
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-019619
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-97279
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-97279
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-46285
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-019619
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-97279 // JVNDB: JVNDB-2023-019619 // NVD: CVE-2023-46285

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019619 // NVD: CVE-2023-46285

PATCH

title: Patch for Siemens User Management Component (UMC) Improper Input Validation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/500461

Trust: 0.6

sources: CNVD: CNVD-2023-97279

EXTERNAL IDS

db: NVD, id: CVE-2023-46285

Trust: 3.2

db: SIEMENS, id: SSA-999588

Trust: 2.4

db: ICS CERT, id: ICSA-23-348-03

Trust: 0.8

db: JVN, id: JVNVU98271228

Trust: 0.8

db: JVNDB, id: JVNDB-2023-019619

Trust: 0.8

db: CNVD, id: CNVD-2023-97279

Trust: 0.6

sources: CNVD: CNVD-2023-97279 // JVNDB: JVNDB-2023-019619 // NVD: CVE-2023-46285

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98271228/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-46285

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-03

Trust: 0.8

sources: CNVD: CNVD-2023-97279 // JVNDB: JVNDB-2023-019619 // NVD: CVE-2023-46285

SOURCES

db: CNVD, id: CNVD-2023-97279
db: JVNDB, id: JVNDB-2023-019619
db: NVD, id: CVE-2023-46285

LAST UPDATE DATE

2024-09-10T22:40:53.876000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-97279, date: 2023-12-13T00:00:00
db: JVNDB, id: JVNDB-2023-019619, date: 2024-01-15T02:22:00
db: NVD, id: CVE-2023-46285, date: 2024-09-10T10:15:08.577

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-97279, date: 2023-12-15T00:00:00
db: JVNDB, id: JVNDB-2023-019619, date: 2024-01-15T00:00:00
db: NVD, id: CVE-2023-46285, date: 2023-12-12T12:15:14.477