Details of VAR-202405-0210

ID

VAR-202405-0210

CVE

CVE-2023-46280

TITLE

Siemens Industrial Products Out-of-Bounds Read Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24524

DESCRIPTION

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. S7 PCT (Port Configuration Tool) is a PC-based software for parameterizing Siemens IO-Link master modules and third-party IO-Link devices. Security Configuration Tool (SCT) is an engineering software for safety devices such as SCALANCE-S or CP 443-1Advanced. SIMATIC Automation Tool allows commissioning, adjustment and service in combination with S7-1200 and S7-1500 controllers without an engineering framework. SIMATIC NET PC software is a separately sold software product for implementing communication products for SIMATIC.NET. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components. SIMATIC PDM (Process Device Manager) is a universal, manufacturer-independent tool for configuration, parameter assignment, commissioning, diagnostics and maintenance of intelligent process devices (actuators, sensors) and automation components (remote I/O, multiplexers, process control units, compact controllers). SIMATIC STEP 7 V5 is the classic engineering software for configuring and programming SIMATIC S7-300/S7-400/C7/WinAC controllers. SIMATIC WinCC is a Supervisory Control and Data Acquisition (SCADA) system. SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functions. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operator control and monitoring of machines and plants. SIMATIC WinCC Unified PC Runtime is a new visualization runtime platform for operator control and monitoring of machines and plants. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in the TIA Portal. SINUMERIK CNC provides automation solutions for workshops, shop floors and large serial production environments. SINUMERIK ONE is a digital native CNC system. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides the complete range of Siemens digital automation services, from digital planning and integrated engineering to transparent operation. TIA Portal Cloud Connector enables access to local PG/PC interfaces and connected SIMATIC hardware from TIA Portal Engineering when engineering via remote desktop on a private cloud server

Trust: 1.44

sources: NVD: CVE-2023-46280 // CNVD: CNVD-2024-24524

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-24524

AFFECTED PRODUCTS

vendor:	siemens	model:	security configuration tool	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic automation tool	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic net pc software	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc oa	scope:	eq	version:	v3.17	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v16	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v17	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v18	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal	scope:	eq	version:	v15.1	Trust: 0.6
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	7v9.1	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	v17	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	v18	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	v19	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v8.0	Trust: 0.6
vendor:	siemens	model:	totally integrated automation portal update	scope:	eq	version:	v19<v192	Trust: 0.6
vendor:	siemens	model:	tia portal cloud connector	scope:	lt	version:	v2.0	Trust: 0.6
vendor:	siemens	model:	sinumerik plc programming tool	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	sinumerik one virtual	scope:	lt	version:	v6.23	Trust: 0.6
vendor:	siemens	model:	sinamics startdrive sp1	scope:	lt	version:	v19	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v7.5	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v7.4	Trust: 0.6
vendor:	siemens	model:	simatic wincc unified pc runtime	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	v16	Trust: 0.6
vendor:	siemens	model:	simatic wincc oa p010	scope:	eq	version:	v3.19<v3.19	Trust: 0.6
vendor:	siemens	model:	simatic wincc oa p025	scope:	eq	version:	v3.18<v3.18	Trust: 0.6
vendor:	siemens	model:	simatic step	scope:	eq	version:	7v5	Trust: 0.6
vendor:	siemens	model:	simatic route control	scope:	eq	version:	v9.1	Trust: 0.6
vendor:	siemens	model:	simatic pdm	scope:	eq	version:	v9.2	Trust: 0.6
vendor:	siemens	model:	simatic batch	scope:	eq	version:	v9.1	Trust: 0.6
vendor:	siemens	model:	s7-pct	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-24524

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-46280
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-24524
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-24524
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-46280
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.0

sources: NVD: CVE-2023-46280

PATCH

title:

Patch for Siemens Industrial Products Out-of-Bounds Read Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/547666

Trust: 0.6

sources: CNVD: CNVD-2024-24524

EXTERNAL IDS

db:	SIEMENS	id:	SSA-962515	Trust: 1.6
db:	NVD	id:	CVE-2023-46280	Trust: 1.6
db:	SIEMENS	id:	SSA-784301	Trust: 1.0
db:	CNVD	id:	CNVD-2024-24524	Trust: 0.6

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-962515.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/html/ssa-784301.html	Trust: 1.0

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

SOURCES

db:	CNVD	id:	CNVD-2024-24524
db:	NVD	id:	CVE-2023-46280

LAST UPDATE DATE

2024-09-10T22:09:16.298000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-24524	date:	2024-05-28T00:00:00
db:	NVD	id:	CVE-2023-46280	date:	2024-09-10T10:15:07.977

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-24524	date:	2024-05-30T00:00:00
db:	NVD	id:	CVE-2023-46280	date:	2024-05-14T16:15:40.800