ID

VAR-202402-1316


CVE

CVE-2024-23800


TITLE

Siemens'  Tecnomatix Plant Simulation  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' Tecnomatix Plant Simulation for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-23800 // JVNDB: JVNDB-2024-002580

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2302.0007

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:gteversion:2302.0

Trust: 1.0

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2302.0 that's all 2302.0007

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580 // NVD: CVE-2024-23800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-23800
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-23800
value: LOW

Trust: 1.0

NVD: CVE-2024-23800
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-23800
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-23800
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-23800
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580 // NVD: CVE-2024-23800 // NVD: CVE-2024-23800

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580 // NVD: CVE-2024-23800

EXTERNAL IDS

db:NVDid:CVE-2024-23800

Trust: 2.6

db:SIEMENSid:SSA-017796

Trust: 1.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:ICS CERTid:ICSA-24-046-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-002580

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580 // NVD: CVE-2024-23800

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-017796.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu91198149/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-23800

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-07

Trust: 0.8

sources: JVNDB: JVNDB-2024-002580 // NVD: CVE-2024-23800

SOURCES

db:JVNDBid:JVNDB-2024-002580
db:NVDid:CVE-2024-23800

LAST UPDATE DATE

2024-08-14T13:00:42.699000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-002580date:2024-02-21T01:50:00
db:NVDid:CVE-2024-23800date:2024-02-13T19:22:19.453

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-002580date:2024-02-15T00:00:00
db:NVDid:CVE-2024-23800date:2024-02-13T09:15:48.573