ID

VAR-202409-0270


CVE

CVE-2023-30756


TITLE

Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38015)

Trust: 0.6

sources: CNVD: CNVD-2024-38015

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8).

The web server of the affected devices does not properly handle certain errors when using the Expect HTTP request header, resulting in a NULL pointer dereference. This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. Siemens Industrial products have a null pointer dereference vulnerability.

Trust: 1.44

sources: NVD: CVE-2023-30756 // CNVD: CNVD-2024-38015

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38015

AFFECTED PRODUCTS

vendor: siemens model: simatic ipc diagmonitor scope: - version: -

Trust: 0.6

vendor: siemens model: simatic wincc runtime advanced scope: - version: -

Trust: 0.6

vendor: siemens model: simatic ipc diagbase scope: - version: -

Trust: 0.6

vendor: siemens model: siplus tim irc scope: eq version: 1531<v2.4.8

Trust: 0.6

vendor: siemens model: tim irc scope: eq version: 1531<v2.4.8

Trust: 0.6

vendor: siemens model: simatic cp scope: eq version: 1242-7v2<v3.5.20

Trust: 0.6

vendor: siemens model: simatic cp scope: eq version: 1243-1<v3.5.20

Trust: 0.6

vendor: siemens model: simatic cp dnp3 scope: eq version: 1243-1<v3.5.20

Trust: 0.6

vendor: siemens model: simatic cp iec scope: eq version: 1243-1<v3.5.20

Trust: 0.6

vendor: siemens model: simatic cp lte scope: eq version: 1243-7<v3.5.20

Trust: 0.6

vendor: siemens model: simatic cp irc scope: eq version: 1243-8<v3.5.20

Trust: 0.6

vendor: siemens model: simatic hmi comfort panels scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-38015

CVSS

SEVERITY

productcert@siemens.com: CVE-2023-30756
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-38015
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-38015
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2023-30756
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-38015 // NVD: CVE-2023-30756

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

sources: NVD: CVE-2023-30756

PATCH

title: Patch for Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38015) url: https://www.cnvd.org.cn/patchInfo/show/590311

Trust: 0.6

sources: CNVD: CNVD-2024-38015

EXTERNAL IDS

db: SIEMENS id: SSA-423808

Trust: 1.6

db: NVD id: CVE-2023-30756

Trust: 1.6

db: CNVD id: CNVD-2024-38015

Trust: 0.6

sources: CNVD: CNVD-2024-38015 // NVD: CVE-2023-30756

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-423808.html

Trust: 1.6

sources: CNVD: CNVD-2024-38015 // NVD: CVE-2023-30756

SOURCES

db: CNVD id: CNVD-2024-38015
db: NVD id: CVE-2023-30756

LAST UPDATE DATE

2024-09-13T23:28:46.292000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-38015 date: 2024-09-12T00:00:00
db: NVD id: CVE-2023-30756 date: 2024-09-10T12:09:50.377

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-38015 date: 2024-09-12T00:00:00
db: NVD id: CVE-2023-30756 date: 2024-09-10T10:15:06.197