ID

VAR-202402-1248


CVE

CVE-2023-51440


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2023-027415

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets. SIMATIC CP 343-1 is a communication processor (CP) that provides Ethernet communication for SIMATIC S7-300 cpu. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the product on which they are based

Trust: 2.25

sources: NVD: CVE-2023-51440 // JVNDB: JVNDB-2023-027415 // CNVD: CNVD-2024-09318 // VULMON: CVE-2023-51440

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-09318

AFFECTED PRODUCTS

vendor:siemensmodel:siplus net cp 343-1 leanscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siplus net cp 343-1scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:cp 343-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:cp 343-1 leanscope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:siplus net cp 343-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:cp 343-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:cp 343-1 leanscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siplus net cp 343-1 leanscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cpscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:simatic cp leanscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:siplus net cpscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:siplus net cp leanscope:eqversion:343-1

Trust: 0.6

sources: CNVD: CNVD-2024-09318 // JVNDB: JVNDB-2023-027415 // NVD: CVE-2023-51440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-51440
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-51440
value: HIGH

Trust: 1.0

NVD: CVE-2023-51440
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-09318
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-09318
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-51440
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-51440
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-09318 // JVNDB: JVNDB-2023-027415 // NVD: CVE-2023-51440 // NVD: CVE-2023-51440

PROBLEMTYPE DATA

problemtype:CWE-940

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper validation of the origin of a communication channel (CWE-940) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027415 // NVD: CVE-2023-51440

PATCH

title:Patch for Multiple Siemens product communication channel source verification error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/526501

Trust: 0.6

sources: CNVD: CNVD-2024-09318

EXTERNAL IDS

db:NVDid:CVE-2023-51440

Trust: 3.3

db:SIEMENSid:SSA-516818

Trust: 2.5

db:ICS CERTid:ICSA-24-046-04

Trust: 0.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:JVNid:JVNVU94620134

Trust: 0.8

db:JVNDBid:JVNDB-2023-027415

Trust: 0.8

db:CNVDid:CNVD-2024-09318

Trust: 0.6

db:VULMONid:CVE-2023-51440

Trust: 0.1

sources: CNVD: CNVD-2024-09318 // VULMON: CVE-2023-51440 // JVNDB: JVNDB-2023-027415 // NVD: CVE-2023-51440

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-516818.html

Trust: 2.5

url:https://jvn.jp/vu/jvnvu91198149/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94620134/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-51440

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-04

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/940.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-09318 // VULMON: CVE-2023-51440 // JVNDB: JVNDB-2023-027415 // NVD: CVE-2023-51440

SOURCES

db:CNVDid:CNVD-2024-09318
db:VULMONid:CVE-2023-51440
db:JVNDBid:JVNDB-2023-027415
db:NVDid:CVE-2023-51440

LAST UPDATE DATE

2024-10-26T21:41:02.489000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-09318date:2024-02-21T00:00:00
db:VULMONid:CVE-2023-51440date:2024-02-13T00:00:00
db:JVNDBid:JVNDB-2023-027415date:2024-10-25T00:38:00
db:NVDid:CVE-2023-51440date:2024-10-18T17:19:23.517

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-09318date:2024-02-23T00:00:00
db:VULMONid:CVE-2023-51440date:2024-02-13T00:00:00
db:JVNDBid:JVNDB-2023-027415date:2024-10-25T00:00:00
db:NVDid:CVE-2023-51440date:2024-02-13T09:15:46.830