All the vulnerabilites related to Siemens - SIMATIC IPC DiagBase
var-202304-0701
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0701", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "cve": "CVE-2022-43768", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35759", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43768", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022095", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43768", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022095", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35759", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-726", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43768" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNVD", "id": "CNVD-2023-35759" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43768", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022095", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35759", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-726", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "id": "VAR-202304-0701", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" } ] }, "last_update_date": "2024-09-10T22:39:35.933000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35759)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424651" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233079" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "CNNVD", "id": "CNNVD-202304-726" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43768" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43768/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35759" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-726" }, { "date": "2023-04-11T10:15:17.617000", "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35759" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-726" }, { "date": "2024-09-10T10:15:05.020000", "db": "NVD", "id": "CVE-2022-43768" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-726" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022095" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-726" } ], "trust": 0.6 } }
var-202409-0271
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers.
This could allow a remote attacker to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0271", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.4.8" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.4.8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2\u003cv3.5.20" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp lte", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7\u003cv3.5.20" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8\u003cv3.5.20" }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" } ] }, "cve": "CVE-2023-28827", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2024-38017", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2023-28827", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-28827", "trust": 1.0, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-38017", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" }, { "db": "NVD", "id": "CVE-2023-28827" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on", "sources": [ { "db": "NVD", "id": "CVE-2023-28827" }, { "db": "CNVD", "id": "CNVD-2024-38017" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-28827", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-423808", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-38017", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" }, { "db": "NVD", "id": "CVE-2023-28827" } ] }, "id": "VAR-202409-0271", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" } ], "trust": 1.364781105 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" } ] }, "last_update_date": "2024-09-13T23:28:46.324000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Products Null Pointer Dereference Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590301" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-28827" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" }, { "db": "NVD", "id": "CVE-2023-28827" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38017" }, { "db": "NVD", "id": "CVE-2023-28827" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38017" }, { "date": "2024-09-10T10:15:05.347000", "db": "NVD", "id": "CVE-2023-28827" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38017" }, { "date": "2024-09-10T12:09:50.377000", "db": "NVD", "id": "CVE-2023-28827" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Industrial Products Null Pointer Dereference Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2024-38017" } ], "trust": 0.6 } }
var-202304-0702
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0702", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "cve": "CVE-2022-43716", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35756", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43716", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022093", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43716", "trust": 1.0, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-43716", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022093", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35756", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-727", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43716" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNVD", "id": "CNVD-2023-35756" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43716", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022093", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35756", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-727", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "id": "VAR-202304-0702", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" } ] }, "last_update_date": "2024-09-10T21:39:02.572000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424641" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233080" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "CNNVD", "id": "CNNVD-202304-727" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43716" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43716/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35756" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-727" }, { "date": "2023-04-11T10:15:17.467000", "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35756" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-727" }, { "date": "2024-09-10T10:15:04.627000", "db": "NVD", "id": "CVE-2022-43716" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-727" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use of Freed Memory Vulnerability in Multiple Siemens Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022093" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-727" } ], "trust": 0.6 } }
var-202304-0700
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0700", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "cve": "CVE-2022-43767", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35758", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43767", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022094", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43767", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022094", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35758", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-729", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43767" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNVD", "id": "CNVD-2023-35758" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43767", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022094", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35758", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-729", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "id": "VAR-202304-0700", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" } ] }, "last_update_date": "2024-09-10T22:24:04.730000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35758)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424646" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233082" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "CNNVD", "id": "CNNVD-202304-729" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-833", "trust": 1.0 }, { "problemtype": "deadlock (CWE-833) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43767" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43767/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35758" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-729" }, { "date": "2023-04-11T10:15:17.540000", "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35758" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-729" }, { "date": "2024-09-10T10:15:04.850000", "db": "NVD", "id": "CVE-2022-43767" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-729" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Deadlock vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022094" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-729" } ], "trust": 0.6 } }
var-202409-0272
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources.
This could allow a remote attacker with elevated privileges to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on.
Siemens Industrial products have a null pointer dereference vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0272", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.4.8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2\u003cv3.5.20" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp lte", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7\u003cv3.5.20" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8\u003cv3.5.20" }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" } ] }, "cve": "CVE-2023-30755", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2024-38016", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 0.7, "id": "CVE-2023-30755", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-30755", "trust": 1.0, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2024-38016", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" }, { "db": "NVD", "id": "CVE-2023-30755" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. \n\nSiemens Industrial products have a null pointer dereference vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2023-30755" }, { "db": "CNVD", "id": "CNVD-2024-38016" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-423808", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2023-30755", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-38016", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" }, { "db": "NVD", "id": "CVE-2023-30755" } ] }, "id": "VAR-202409-0272", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" } ], "trust": 1.364781105 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" } ] }, "last_update_date": "2024-09-13T23:28:46.308000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38016)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590306" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30755" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" }, { "db": "NVD", "id": "CVE-2023-30755" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38016" }, { "db": "NVD", "id": "CVE-2023-30755" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38016" }, { "date": "2024-09-10T10:15:05.940000", "db": "NVD", "id": "CVE-2023-30755" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38016" }, { "date": "2024-09-10T12:09:50.377000", "db": "NVD", "id": "CVE-2023-30755" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38016)", "sources": [ { "db": "CNVD", "id": "CNVD-2024-38016" } ], "trust": 0.6 } }
var-202407-0374
Vulnerability from variot
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server. SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system. SIMATIC IPC DiagBase diagnostic software identifies any potential faults on SIMATIC industrial computers at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and records the system status of SIMATIC industrial computers. It communicates with other systems and reacts when events occur. SIMIT Simluation Platform allows simulation of plant settings to predict faults in the early planning stage
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0374", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic energy manager basic", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v7.5" }, { "model": "simatic energy manager pro", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v7.5" }, { "model": "simit", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v10" }, { "model": "simit", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v11\u003cv11.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" } ] }, "cve": "CVE-2023-52891", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2024-31238", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2023-52891", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-52891", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2024-31238", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" }, { "db": "NVD", "id": "CVE-2023-52891" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server. SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system. SIMATIC IPC DiagBase diagnostic software identifies any potential faults on SIMATIC industrial computers at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and records the system status of SIMATIC industrial computers. It communicates with other systems and reacts when events occur. SIMIT Simluation Platform allows simulation of plant settings to predict faults in the early planning stage", "sources": [ { "db": "NVD", "id": "CVE-2023-52891" }, { "db": "CNVD", "id": "CNVD-2024-31238" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-088132", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2023-52891", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-31238", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" }, { "db": "NVD", "id": "CVE-2023-52891" } ] }, "id": "VAR-202407-0374", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" } ], "trust": 1.2089285775 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" } ] }, "last_update_date": "2024-08-14T14:01:08.148000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Products OPC UA Server Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/567721" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1325", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-52891" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" }, { "db": "NVD", "id": "CVE-2023-52891" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-31238" }, { "db": "NVD", "id": "CVE-2023-52891" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-07-10T00:00:00", "db": "CNVD", "id": "CNVD-2024-31238" }, { "date": "2024-07-09T12:15:11.263000", "db": "NVD", "id": "CVE-2023-52891" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-07-10T00:00:00", "db": "CNVD", "id": "CNVD-2024-31238" }, { "date": "2024-07-09T18:19:14.047000", "db": "NVD", "id": "CVE-2023-52891" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Industrial Products OPC UA Server Denial of Service Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2024-31238" } ], "trust": 0.6 } }
var-202409-0270
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.
This could allow a remote attacker with no privileges to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on.
Siemens Industrial products have a null pointer dereference vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0270", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.4.8" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.4.8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2\u003cv3.5.20" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1\u003cv3.5.20" }, { "model": "simatic cp lte", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7\u003cv3.5.20" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8\u003cv3.5.20" }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" } ] }, "cve": "CVE-2023-30756", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2024-38015", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2023-30756", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2023-30756", "trust": 1.0, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-38015", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" }, { "db": "NVD", "id": "CVE-2023-30756" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference. \r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system. SIMATIC CP 1242 and CP 1243 related processors connect SIMATIC S7-1200 controllers to wide area networks (WANs). They offer integrated security features such as firewalls, virtual private networks (VPNs) and support for other data encryption protocols. SIMATIC HMI Panels are used for operator control and monitoring of machines and plants. SIMATIC IPC DiagBase diagnostics software allows early identification of any potential faults on SIMATIC industrial computers and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and logs the system status of SIMATIC IPCs. It communicates with other systems and reacts when events occur. Communication processor (CP) modules SIMATIC TIM 3V-IE and TIM 4R-IE are designed to enable Ethernet or telecontrol communication for SIMATIC S7-300/S7-400 CPUs. SIMATIC WinCC Runtime Advanced is a visualization runtime platform for operator control and monitoring of machines and plants. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. \n\nSiemens Industrial products have a null pointer dereference vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2023-30756" }, { "db": "CNVD", "id": "CNVD-2024-38015" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-423808", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2023-30756", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-38015", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" }, { "db": "NVD", "id": "CVE-2023-30756" } ] }, "id": "VAR-202409-0270", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" } ], "trust": 1.364781105 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" } ] }, "last_update_date": "2024-09-13T23:28:46.292000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38015)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590311" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30756" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" }, { "db": "NVD", "id": "CVE-2023-30756" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38015" }, { "db": "NVD", "id": "CVE-2023-30756" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38015" }, { "date": "2024-09-10T10:15:06.197000", "db": "NVD", "id": "CVE-2023-30756" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38015" }, { "date": "2024-09-10T12:09:50.377000", "db": "NVD", "id": "CVE-2023-30756" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Industrial Products Null Pointer Dereference Vulnerability (CNVD-2024-38015)", "sources": [ { "db": "CNVD", "id": "CNVD-2024-38015" } ], "trust": 0.6 } }
cve-2023-30755
Vulnerability from cvelistv5
5.9 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-30755", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:10:26.969445Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:10:35.515Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagBase", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:39.215Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-30755", "datePublished": "2024-09-10T09:33:39.215Z", "dateReserved": "2023-04-14T11:16:56.497Z", "dateUpdated": "2024-09-10T15:10:35.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52891
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Energy Manager Basic |
Version: 0 < V7.5 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_energy_manager_basic", "vendor": "siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_energy_manager_pro", "vendor": "siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_ipc_diagbase", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_ipc_diagmonitor", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simit_v10", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simit_v11", "vendor": "siemens", "versions": [ { "lessThan": "V11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-52891", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:26:14.481281Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:41:12.246Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Energy Manager Basic", "vendor": "Siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Energy Manager PRO", "vendor": "Siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagBase", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMIT V10", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMIT V11", "vendor": "Siemens", "versions": [ { "lessThan": "V11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:42.619Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-52891", "datePublished": "2024-07-09T12:04:42.619Z", "dateReserved": "2024-06-21T15:06:40.772Z", "dateUpdated": "2024-08-02T23:18:41.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30756
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-30756", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:09:52.396615Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:10:00.273Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagBase", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:40.640Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-30756", "datePublished": "2024-09-10T09:33:40.640Z", "dateReserved": "2023-04-14T11:16:56.497Z", "dateUpdated": "2024-09-10T15:10:00.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28827
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-28827", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:10:54.020229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:11:03.085Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.5.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagBase", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:37.794Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-28827", "datePublished": "2024-09-10T09:33:37.794Z", "dateReserved": "2023-03-24T15:17:29.557Z", "dateUpdated": "2024-09-10T15:11:03.085Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }