Sign-up

ID

VAR-202404-0165


CVE

CVE-2023-50821


TITLE

Siemens SIMATIC WinCC Denial of Service Vulnerability (CNVD-2024-17302)

Trust: 0.6

sources: CNVD: CNVD-2024-17302

DESCRIPTION

SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operators to control and monitor machines and equipment. Siemens SIMATIC WinCC has a denial of service vulnerability, which is caused by the affected product failing to properly validate the input provided in the login dialog box. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 0.6

sources: CNVD: CNVD-2024-17302

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-17302

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs sp2 uc04scope:eqversion:7v9.1<v9.1

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v19

Trust: 0.6

vendor:siemensmodel:simatic wincc sp2 updatescope:eqversion:v7.5<v7.516

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v8.0

Trust: 0.6

sources: CNVD: CNVD-2024-17302

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2024-17302
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-17302
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-17302

PATCH

title:Patch for Siemens SIMATIC WinCC Denial of Service Vulnerability (CNVD-2024-17302)url:https://www.cnvd.org.cn/patchinfo/show/540266

Trust: 0.6

sources: CNVD: CNVD-2024-17302

EXTERNAL IDS

db:SIEMENSid:SSA-730482

Trust: 0.6

db:NVDid:CVE-2023-50821

Trust: 0.6

db:CNVDid:CNVD-2024-17302

Trust: 0.6

sources: CNVD: CNVD-2024-17302

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-730482.html

Trust: 0.6

sources: CNVD: CNVD-2024-17302

SOURCES

db:CNVDid:CNVD-2024-17302

LAST UPDATE DATE

2024-04-20T23:23:18.968000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-17302date:2024-04-10T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-17302date:2024-04-10T00:00:00