Details of VAR-202312-0259

ID

VAR-202312-0259

CVE

CVE-2023-46156

TITLE

Use of Freed Memory Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2023-019859

DESCRIPTION

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. SIMATIC Drive Controller CPU 1504D TF firmware, SIMATIC Drive Controller CPU 1507D TF firmware, simatic et 200sp open control 1515sp pc2 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. SINUMERIK MC is a CNC system for customized machine solutions. SINUMERIK ONE is a digitally native CNC system

Trust: 2.16

sources: NVD: CVE-2023-46156 // JVNDB: JVNDB-2023-019859 // CNVD: CNVD-2023-97274

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-97274

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1500 cpu 1513r-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1510sp f-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1514sp-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1515f-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic et 200sp open control 1515sp pc2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 et 200pro\: cpu 1516pro f-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 et 200pro\: cpu 1513pro-2 pn	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1515f-2 pn t2 rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1515r-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517tf-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 et 200pro\: cpu 1513pro f-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	lt	version:	6.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1516-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516t-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 et 200pro\:cpu 1516pro-2 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1512sp-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1510sp f-1 pn rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1516-3 pn\/dp tx rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1516f-3 pn\/dp rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinumerik one	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1510sp f-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515tf-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1510sp-1 pn rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511f-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu s7-1518-4 pn\/dp odk	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518t-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1510sp-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1514spt f-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1512sp-1 pn rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1518f-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515t-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512sp f-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1516f-3 pn\/dp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1515f-2 pn rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1518-4 pn\/dp mfp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511tf-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517f-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1518hf-4 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511c-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1517h-3 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515r-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1511f-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518tf-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1514spt-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517t-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic drive controller cpu 1507d tf	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu s7-1518f-4 pn\/dp odk	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1511-1 pn tx rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1513-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1515r-2 pn tx rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1518-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516f-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1510sp-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1511-1 pn t1 rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp 1512sp f-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1513f-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512sp-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511t-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic drive controller cpu 1504d tf	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	sinumerik mc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512c-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus s7-1500 cpu 1511-1 pn	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517h-3 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518f-4 pn\/dp	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	siplus et 200sp cpu 1512sp f-1 pn rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1514sp f-2 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518hf-4 pn	scope:	lt	version:	3.1.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	simatic s7-1500 cpu 1514sp f-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1514spt f-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic et 200sp open control 1515sp pc2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1512c-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1514sp-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511c-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7 1500 cpu 1513-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1513f-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1512sp-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511tf-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1510sp f-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1512sp f-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511f-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1510sp-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1514spt-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1513r-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511t-1 pn	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic drive controller cpu 1504d tf	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic drive controller cpu 1507d tf	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sinumerik one	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinumerik mc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-97274 // JVNDB: JVNDB-2023-019859 // NVD: CVE-2023-46156

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-46156
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-019859
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-97274
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-97274
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-46156
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-019859
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-97274 // JVNDB: JVNDB-2023-019859 // NVD: CVE-2023-46156

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019859 // NVD: CVE-2023-46156

PATCH

title:

Patch for Siemens SINUMERIK ONE and SINUMERIK-MC Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/500406

Trust: 0.6

sources: CNVD: CNVD-2023-97274

EXTERNAL IDS

db:	NVD	id:	CVE-2023-46156	Trust: 3.2
db:	SIEMENS	id:	SSA-280603	Trust: 2.4
db:	SIEMENS	id:	SSA-592380	Trust: 1.8
db:	ICS CERT	id:	ICSA-23-348-11	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-348-09	Trust: 0.8
db:	JVN	id:	JVNVU98271228	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-019859	Trust: 0.8
db:	CNVD	id:	CNVD-2023-97274	Trust: 0.6

sources: CNVD: CNVD-2023-97274 // JVNDB: JVNDB-2023-019859 // NVD: CVE-2023-46156

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-280603.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-592380.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu98271228/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-46156	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-09	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-11	Trust: 0.8

sources: CNVD: CNVD-2023-97274 // JVNDB: JVNDB-2023-019859 // NVD: CVE-2023-46156

SOURCES

db:	CNVD	id:	CNVD-2023-97274
db:	JVNDB	id:	JVNDB-2023-019859
db:	NVD	id:	CVE-2023-46156

LAST UPDATE DATE

2024-08-14T13:12:12.052000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-97274	date:	2023-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-019859	date:	2024-01-15T05:11:00
db:	NVD	id:	CVE-2023-46156	date:	2024-03-12T11:15:47.740

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-97274	date:	2023-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-019859	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-46156	date:	2023-12-12T12:15:13.417