ID

VAR-202403-0630


CVE

CVE-2024-21483


TITLE

Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-13807

DESCRIPTION

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection

Trust: 1.44

sources: NVD: CVE-2024-21483 // CNVD: CNVD-2024-13807

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-13807

AFFECTED PRODUCTS

vendor:siemensmodel:sentron 7km pac3120 ac/dcscope:gteversion:v3.2.3,<v3.3.0

Trust: 0.6

vendor:siemensmodel:sentron 7km pac3120 dcscope:gteversion:v3.2.3,<v3.3.0

Trust: 0.6

vendor:siemensmodel:sentron 7km pac3220 ac/dcscope:gteversion:v3.2.3,<v3.3.0

Trust: 0.6

vendor:siemensmodel:sentron 7km pac3220 dcscope:gteversion:v3.2.3,<v3.3.0

Trust: 0.6

sources: CNVD: CNVD-2024-13807

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-21483
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-13807
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-13807
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-21483
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2024-21483

PATCH

title:Patch for Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/534561

Trust: 0.6

sources: CNVD: CNVD-2024-13807

EXTERNAL IDS

db:NVDid:CVE-2024-21483

Trust: 1.6

db:SIEMENSid:SSA-792319

Trust: 1.6

db:CNVDid:CNVD-2024-13807

Trust: 0.6

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-792319.html

Trust: 1.6

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

SOURCES

db:CNVDid:CNVD-2024-13807
db:NVDid:CVE-2024-21483

LAST UPDATE DATE

2024-09-10T23:04:52.310000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-13807date:2024-03-19T00:00:00
db:NVDid:CVE-2024-21483date:2024-09-10T10:15:09.173

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-13807date:2024-03-19T00:00:00
db:NVDid:CVE-2024-21483date:2024-03-12T11:15:48.217