ID

VAR-202402-1390


CVE

CVE-2023-48363


TITLE

in multiple Siemens products  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-027390

DESCRIPTION

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. openpcs 7 , SIMATIC BATCH , SIMATIC PCS 7 For multiple Siemens products, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operator control and monitoring of machines and plants

Trust: 2.25

sources: NVD: CVE-2023-48363 // JVNDB: JVNDB-2023-027390 // CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-09315

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc runtime professionalscope:lteversion:18

Trust: 1.0

vendor:siemensmodel:openpcs 7scope:lteversion:9.1

Trust: 1.0

vendor:siemensmodel:simatic route controlscope:lteversion:9.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:lteversion:9.1

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:7.5

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:19

Trust: 1.0

vendor:siemensmodel:simatic batchscope:lteversion:9.1

Trust: 1.0

vendor:siemensmodel:simatic winccscope:eqversion:8.0

Trust: 1.0

vendor:シーメンスmodel:simatic batchscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic route controlscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:openpcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.1

Trust: 0.6

vendor:siemensmodel:openpcsscope:eqversion:79.1

Trust: 0.6

vendor:siemensmodel:simatic batchscope:eqversion:9.1

Trust: 0.6

vendor:siemensmodel:simatic route controlscope:eqversion:9.1

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v19

Trust: 0.6

vendor:siemensmodel:simatic wincc sp2 updatescope:ltversion:7.515

Trust: 0.6

vendor:siemensmodel:simatic wincc sp4scope:ltversion:8.0

Trust: 0.6

sources: CNVD: CNVD-2024-09315 // JVNDB: JVNDB-2023-027390 // NVD: CVE-2023-48363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48363
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2023-48363
value: HIGH

Trust: 1.0

NVD: CVE-2023-48363
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-09315
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-09315
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-48363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-48363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-09315 // JVNDB: JVNDB-2023-027390 // NVD: CVE-2023-48363 // NVD: CVE-2023-48363

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027390 // NVD: CVE-2023-48363

PATCH

title:Patch for Null pointer dereference vulnerabilities in multiple Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/526511

Trust: 0.6

sources: CNVD: CNVD-2024-09315

EXTERNAL IDS

db:NVDid:CVE-2023-48363

Trust: 3.3

db:SIEMENSid:SSA-753746

Trust: 2.5

db:ICS CERTid:ICSA-24-046-12

Trust: 0.9

db:JVNid:JVNVU91198149

Trust: 0.8

db:JVNid:JVNVU94620134

Trust: 0.8

db:JVNDBid:JVNDB-2023-027390

Trust: 0.8

db:CNVDid:CNVD-2024-09315

Trust: 0.6

db:VULMONid:CVE-2023-48363

Trust: 0.1

sources: CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363 // JVNDB: JVNDB-2023-027390 // NVD: CVE-2023-48363

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-753746.html

Trust: 2.5

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-12

Trust: 0.9

url:https://jvn.jp/vu/jvnvu91198149/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94620134/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-48363

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363 // JVNDB: JVNDB-2023-027390 // NVD: CVE-2023-48363

SOURCES

db:CNVDid:CNVD-2024-09315
db:VULMONid:CVE-2023-48363
db:JVNDBid:JVNDB-2023-027390
db:NVDid:CVE-2023-48363

LAST UPDATE DATE

2024-10-24T21:07:58.957000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-09315date:2024-02-21T00:00:00
db:VULMONid:CVE-2023-48363date:2024-02-13T00:00:00
db:JVNDBid:JVNDB-2023-027390date:2024-10-21T00:55:00
db:NVDid:CVE-2023-48363date:2024-10-18T17:26:54.187

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-09315date:2024-02-23T00:00:00
db:VULMONid:CVE-2023-48363date:2024-02-13T00:00:00
db:JVNDBid:JVNDB-2023-027390date:2024-10-21T00:00:00
db:NVDid:CVE-2023-48363date:2024-02-13T09:15:45.763