ID

VAR-202402-1320


CVE

CVE-2024-23799


TITLE

Siemens'  Tecnomatix Plant Simulation  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' Tecnomatix Plant Simulation for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-23799 // JVNDB: JVNDB-2024-002579

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2302.0007

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:gteversion:2302.0

Trust: 1.0

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2302.0 that's all 2302.0007

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579 // NVD: CVE-2024-23799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-23799
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-23799
value: LOW

Trust: 1.0

NVD: CVE-2024-23799
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-23799
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-23799
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-23799
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579 // NVD: CVE-2024-23799 // NVD: CVE-2024-23799

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579 // NVD: CVE-2024-23799

EXTERNAL IDS

db:NVDid:CVE-2024-23799

Trust: 2.6

db:SIEMENSid:SSA-017796

Trust: 1.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:ICS CERTid:ICSA-24-046-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-002579

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579 // NVD: CVE-2024-23799

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-017796.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu91198149/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-23799

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-07

Trust: 0.8

sources: JVNDB: JVNDB-2024-002579 // NVD: CVE-2024-23799

SOURCES

db:JVNDBid:JVNDB-2024-002579
db:NVDid:CVE-2024-23799

LAST UPDATE DATE

2024-08-14T12:49:08.080000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-002579date:2024-02-21T01:48:00
db:NVDid:CVE-2024-23799date:2024-02-13T19:22:01.760

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-002579date:2024-02-15T00:00:00
db:NVDid:CVE-2024-23799date:2024-02-13T09:15:48.380