Sign-up

ID

VAR-202402-1390


CVE

CVE-2023-48363


TITLE

Null pointer dereference vulnerabilities in multiple Siemens products

Trust: 0.6

sources: CNVD: CNVD-2024-09315

DESCRIPTION

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operator control and monitoring of machines and plants

Trust: 1.53

sources: NVD: CVE-2023-48363 // CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-09315

AFFECTED PRODUCTS

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.1

Trust: 0.6

vendor:siemensmodel:openpcsscope:eqversion:79.1

Trust: 0.6

vendor:siemensmodel:simatic batchscope:eqversion:9.1

Trust: 0.6

vendor:siemensmodel:simatic route controlscope:eqversion:9.1

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v19

Trust: 0.6

vendor:siemensmodel:simatic wincc sp2 updatescope:ltversion:7.515

Trust: 0.6

vendor:siemensmodel:simatic wincc sp4scope:ltversion:8.0

Trust: 0.6

sources: CNVD: CNVD-2024-09315

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-48363
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-09315
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-09315
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-48363
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-09315 // NVD: CVE-2023-48363

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

sources: NVD: CVE-2023-48363

PATCH

title:Patch for Null pointer dereference vulnerabilities in multiple Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/526511

Trust: 0.6

sources: CNVD: CNVD-2024-09315

EXTERNAL IDS

db:NVDid:CVE-2023-48363

Trust: 1.7

db:SIEMENSid:SSA-753746

Trust: 1.7

db:CNVDid:CNVD-2024-09315

Trust: 0.6

db:ICS CERTid:ICSA-24-046-12

Trust: 0.1

db:VULMONid:CVE-2023-48363

Trust: 0.1

sources: CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363 // NVD: CVE-2023-48363

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-753746.html

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-12

Trust: 0.1

sources: CNVD: CNVD-2024-09315 // VULMON: CVE-2023-48363 // NVD: CVE-2023-48363

SOURCES

db:CNVDid:CNVD-2024-09315
db:VULMONid:CVE-2023-48363
db:NVDid:CVE-2023-48363

LAST UPDATE DATE

2024-09-10T23:04:52.444000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-09315date:2024-02-21T00:00:00
db:VULMONid:CVE-2023-48363date:2024-02-13T00:00:00
db:NVDid:CVE-2023-48363date:2024-09-10T10:15:08.697

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-09315date:2024-02-23T00:00:00
db:VULMONid:CVE-2023-48363date:2024-02-13T00:00:00
db:NVDid:CVE-2023-48363date:2024-02-13T09:15:45.763