ID

VAR-202405-0210


CVE

CVE-2023-46280


TITLE

Siemens Industrial Products Out-of-Bounds Read Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24524

DESCRIPTION

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. S7 PCT (Port Configuration Tool) is a PC-based software for parameterizing Siemens IO-Link master modules and third-party IO-Link devices. Security Configuration Tool (SCT) is an engineering software for safety devices such as SCALANCE-S or CP 443-1Advanced. SIMATIC Automation Tool allows commissioning, adjustment and service in combination with S7-1200 and S7-1500 controllers without an engineering framework. SIMATIC NET PC software is a separately sold software product for implementing communication products for SIMATIC.NET. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components. SIMATIC PDM (Process Device Manager) is a universal, manufacturer-independent tool for configuration, parameter assignment, commissioning, diagnostics and maintenance of intelligent process devices (actuators, sensors) and automation components (remote I/O, multiplexers, process control units, compact controllers). SIMATIC STEP 7 V5 is the classic engineering software for configuring and programming SIMATIC S7-300/S7-400/C7/WinAC controllers. SIMATIC WinCC is a Supervisory Control and Data Acquisition (SCADA) system. SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functions. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operator control and monitoring of machines and plants. SIMATIC WinCC Unified PC Runtime is a new visualization runtime platform for operator control and monitoring of machines and plants. SINAMICS Startdrive commissioning software is the engineering tool for integrating SINAMICS drives in the TIA Portal. SINUMERIK CNC provides automation solutions for workshops, shop floors and large serial production environments. SINUMERIK ONE is a digital native CNC system. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides the complete range of Siemens digital automation services, from digital planning and integrated engineering to transparent operation. TIA Portal Cloud Connector enables access to local PG/PC interfaces and connected SIMATIC hardware from TIA Portal Engineering when engineering via remote desktop on a private cloud server

Trust: 1.44

sources: NVD: CVE-2023-46280 // CNVD: CNVD-2024-24524

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24524

AFFECTED PRODUCTS

vendor:siemensmodel:security configuration toolscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic automation toolscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic net pc softwarescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc oascope:eqversion:v3.17

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v16

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v15.1

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v9.1

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v19

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v8.0

Trust: 0.6

vendor:siemensmodel:totally integrated automation portal updatescope:eqversion:v19<v192

Trust: 0.6

vendor:siemensmodel:tia portal cloud connectorscope:ltversion:v2.0

Trust: 0.6

vendor:siemensmodel:sinumerik plc programming toolscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinumerik one virtualscope:ltversion:v6.23

Trust: 0.6

vendor:siemensmodel:sinamics startdrive sp1scope:ltversion:v19

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.5

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic wincc unified pc runtimescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:v16

Trust: 0.6

vendor:siemensmodel:simatic wincc oa p010scope:eqversion:v3.19<v3.19

Trust: 0.6

vendor:siemensmodel:simatic wincc oa p025scope:eqversion:v3.18<v3.18

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:7v5

Trust: 0.6

vendor:siemensmodel:simatic route controlscope:eqversion:v9.1

Trust: 0.6

vendor:siemensmodel:simatic pdmscope:eqversion:v9.2

Trust: 0.6

vendor:siemensmodel:simatic batchscope:eqversion:v9.1

Trust: 0.6

vendor:siemensmodel:s7-pctscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-24524

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-46280
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-24524
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-24524
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-46280
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2023-46280

PATCH

title:Patch for Siemens Industrial Products Out-of-Bounds Read Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/547666

Trust: 0.6

sources: CNVD: CNVD-2024-24524

EXTERNAL IDS

db:SIEMENSid:SSA-962515

Trust: 1.6

db:NVDid:CVE-2023-46280

Trust: 1.6

db:SIEMENSid:SSA-784301

Trust: 1.0

db:CNVDid:CNVD-2024-24524

Trust: 0.6

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-962515.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-784301.html

Trust: 1.0

sources: CNVD: CNVD-2024-24524 // NVD: CVE-2023-46280

SOURCES

db:CNVDid:CNVD-2024-24524
db:NVDid:CVE-2023-46280

LAST UPDATE DATE

2024-10-08T20:10:35.403000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-24524date:2024-05-28T00:00:00
db:NVDid:CVE-2023-46280date:2024-10-08T09:15:08.837

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-24524date:2024-05-30T00:00:00
db:NVDid:CVE-2023-46280date:2024-05-14T16:15:40.800