ID

VAR-202407-0374


CVE

CVE-2023-52891


TITLE

Siemens Industrial Products OPC UA Server Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-31238

DESCRIPTION

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). The Unified Automation .NET based OPC UA Server SDK before 3.2.2, as used in Siemens products, is affected by a vulnerability similar to the one documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to a high-load situation and memory exhaustion, and may block the server. SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system. SIMATIC IPC DiagBase diagnostic software identifies any potential faults on SIMATIC industrial computers at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and records the system status of SIMATIC industrial computers. It communicates with other systems and reacts when events occur. SIMIT Simulation Platform allows simulation of plant settings to predict faults in the early planning stage.

Trust: 1.44

sources: NVD: CVE-2023-52891 // CNVD: CNVD-2024-31238

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31238

AFFECTED PRODUCTS

vendor: siemens, model: simatic ipc diagmonitor, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic ipc diagbase, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic energy manager basic, scope: lt, version: v7.5

Trust: 0.6

vendor: siemens, model: simatic energy manager pro, scope: lt, version: v7.5

Trust: 0.6

vendor: siemens, model: simit, scope: eq, version: v10

Trust: 0.6

vendor: siemens, model: simit, scope: eq, version: v11<v11.1

Trust: 0.6

sources: CNVD: CNVD-2024-31238

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-52891
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-31238
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-31238
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2023-52891
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-31238 // NVD: CVE-2023-52891

PROBLEMTYPE DATA

problemtype: CWE-1325

Trust: 1.0

sources: NVD: CVE-2023-52891

PATCH

title: Patch for Siemens Industrial Products OPC UA Server Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/567721

Trust: 0.6

sources: CNVD: CNVD-2024-31238

EXTERNAL IDS

db: SIEMENS, id: SSA-088132

Trust: 1.6

db: NVD, id: CVE-2023-52891

Trust: 1.6

db: CNVD, id: CNVD-2024-31238

Trust: 0.6

sources: CNVD: CNVD-2024-31238 // NVD: CVE-2023-52891

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-088132.html

Trust: 1.6

sources: CNVD: CNVD-2024-31238 // NVD: CVE-2023-52891

SOURCES

db: CNVD, id: CNVD-2024-31238
db: NVD, id: CVE-2023-52891

LAST UPDATE DATE

2024-08-14T14:01:08.148000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-31238, date: 2024-07-10T00:00:00
db: NVD, id: CVE-2023-52891, date: 2024-07-09T18:19:14.047

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-31238, date: 2024-07-10T00:00:00
db: NVD, id: CVE-2023-52891, date: 2024-07-09T12:15:11.263