ID

VAR-202402-1325


CVE

CVE-2024-23801


TITLE

Siemens'  Tecnomatix Plant Simulation  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' Tecnomatix Plant Simulation for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-23801 // JVNDB: JVNDB-2024-002581

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2302.0007

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:gteversion:2302.0

Trust: 1.0

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2302.0 that's all 2302.0007

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2201.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581 // NVD: CVE-2024-23801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-23801
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-23801
value: LOW

Trust: 1.0

NVD: CVE-2024-23801
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-23801
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-23801
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-23801
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581 // NVD: CVE-2024-23801 // NVD: CVE-2024-23801

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581 // NVD: CVE-2024-23801

EXTERNAL IDS

db:NVDid:CVE-2024-23801

Trust: 2.6

db:SIEMENSid:SSA-017796

Trust: 1.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:ICS CERTid:ICSA-24-046-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-002581

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581 // NVD: CVE-2024-23801

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-017796.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu91198149/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-23801

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-07

Trust: 0.8

sources: JVNDB: JVNDB-2024-002581 // NVD: CVE-2024-23801

SOURCES

db:JVNDBid:JVNDB-2024-002581
db:NVDid:CVE-2024-23801

LAST UPDATE DATE

2024-08-14T13:06:19.582000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-002581date:2024-02-19T07:09:00
db:NVDid:CVE-2024-23801date:2024-02-13T19:22:25.110

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-002581date:2024-02-15T00:00:00
db:NVDid:CVE-2024-23801date:2024-02-13T09:15:48.807