All the vulnerabilites related to Siemens - Soft Starter ES V16
cve-2020-7587
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.
Impacted products
Vendor Product Version
Siemens Opcenter Execution Foundation Version: All versions < V3.2
Siemens Opcenter Execution Process Version: All versions < V3.2
Siemens Opcenter Intelligence Version: All versions < V3.3
Siemens Opcenter Quality Version: All versions < V11.3
Siemens Opcenter RD&L Version: V8.0
Siemens SIMATIC IT LMS Version: All versions < V2.6
Siemens SIMATIC IT Production Suite Version: All versions < V8.0
Siemens SIMATIC Notifier Server for Windows Version: All versions
Siemens SIMATIC PCS neo Version: All versions < V3.0 SP1
Siemens SIMATIC STEP 7 (TIA Portal) V15 Version: All versions < V15.1 Update 5
Siemens SIMATIC STEP 7 (TIA Portal) V16 Version: All versions < V16 Update 2
Siemens SIMOCODE ES V15.1 Version: All versions < V15.1 Update 4
Siemens SIMOCODE ES V16 Version: All versions < V16 Update 1
Siemens Soft Starter ES V15.1 Version: All versions < V15.1 Update 3
Siemens Soft Starter ES V16 Version: All versions < V16 Update 1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC IT LMS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6"
            }
          ]
        },
        {
          "product": "SIMATIC IT Production Suite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:51",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT LMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT Production Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7587",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7588
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.
Impacted products
Vendor Product Version
Siemens Opcenter Execution Foundation Version: All versions < V3.2
Siemens Opcenter Execution Process Version: All versions < V3.2
Siemens Opcenter Intelligence Version: All versions < V3.3
Siemens Opcenter Quality Version: All versions < V11.3
Siemens Opcenter RD&L Version: V8.0
Siemens SIMATIC IT LMS Version: All versions < V2.6
Siemens SIMATIC IT Production Suite Version: All versions < V8.0
Siemens SIMATIC Notifier Server for Windows Version: All versions
Siemens SIMATIC PCS neo Version: All versions < V3.0 SP1
Siemens SIMATIC STEP 7 (TIA Portal) V15 Version: All versions < V15.1 Update 5
Siemens SIMATIC STEP 7 (TIA Portal) V16 Version: All versions < V16 Update 2
Siemens SIMOCODE ES V15.1 Version: All versions < V15.1 Update 4
Siemens SIMOCODE ES V16 Version: All versions < V16 Update 1
Siemens Soft Starter ES V15.1 Version: All versions < V15.1 Update 3
Siemens Soft Starter ES V16 Version: All versions < V16 Update 1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC IT LMS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.6"
            }
          ]
        },
        {
          "product": "SIMATIC IT Production Suite",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:56",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT LMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC IT Production Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7588",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7581
Vulnerability from cvelistv5
Published
2020-07-14 13:18
Modified
2024-08-04 09:33
Severity ?
Summary
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.
Impacted products
Vendor Product Version
Siemens Opcenter Execution Foundation Version: All versions < V3.2
Siemens Opcenter Execution Process Version: All versions < V3.2
Siemens Opcenter Intelligence Version: All versions < V3.3
Siemens Opcenter Quality Version: All versions < V11.3
Siemens Opcenter RD&L Version: V8.0
Siemens SIMATIC Notifier Server for Windows Version: All versions
Siemens SIMATIC PCS neo Version: All versions < V3.0 SP1
Siemens SIMATIC STEP 7 (TIA Portal) V15 Version: All versions < V15.1 Update 5
Siemens SIMATIC STEP 7 (TIA Portal) V16 Version: All versions < V16 Update 2
Siemens SIMOCODE ES V15.1 Version: All versions < V15.1 Update 4
Siemens SIMOCODE ES V16 Version: All versions < V16 Update 1
Siemens Soft Starter ES V15.1 Version: All versions < V15.1 Update 3
Siemens Soft Starter ES V16 Version: All versions < V16 Update 1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Opcenter Execution Discrete",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Execution Process",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2"
            }
          ]
        },
        {
          "product": "Opcenter Intelligence",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3"
            }
          ]
        },
        {
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.3"
            }
          ]
        },
        {
          "product": "Opcenter RD\u0026L",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0"
            }
          ]
        },
        {
          "product": "SIMATIC Notifier Server for Windows",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 5"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 2"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 4"
            }
          ]
        },
        {
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        },
        {
          "product": "Soft Starter ES V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V15.1 Update 3"
            }
          ]
        },
        {
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V16 Update 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428: Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T11:16:47",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-7581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Opcenter Execution Discrete",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Execution Process",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Intelligence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter Quality",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Opcenter RD\u0026L",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC Notifier Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC PCS neo",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMOCODE ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V15.1 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Soft Starter ES V16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V16 Update 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-428: Unquoted Search Path or Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-7581",
    "datePublished": "2020-07-14T13:18:05",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-32735
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 15:25
Summary
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 (All versions < V18 Update 2), SIMATIC WinCC V16 (All versions < V16.7), SIMATIC WinCC V17 (All versions < V17.7), SIMATIC WinCC V18 (All versions < V18 Update 2), SIMOCODE ES V16 (All versions < V16 Update 7), SIMOCODE ES V17 (All versions < V17 Update 7), SIMOCODE ES V18 (All versions < V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 7), SIRIUS Safety ES V18 (All versions < V18 Update 2), SIRIUS Soft Starter ES V17 (All versions < V17 Update 7), SIRIUS Soft Starter ES V18 (All versions < V18 Update 2), Soft Starter ES V16 (All versions < V16 Update 7), TIA Portal Cloud V3.0 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.
Impacted products
Vendor Product Version
Siemens SIMATIC STEP 7 Safety V17 Version: 0   < V17 Update 7
Siemens SIMATIC STEP 7 Safety V18 Version: 0   < V18 Update 2
Siemens SIMATIC STEP 7 V16 Version: 0   < V16 Update 7
Siemens SIMATIC STEP 7 V17 Version: 0   < V17 Update 7
Siemens SIMATIC STEP 7 V18 Version: 0   < V18 Update 2
Siemens SIMATIC WinCC Unified V16 Version: 0   < V16 Update 7
Siemens SIMATIC WinCC Unified V17 Version: 0   < V17 Update 7
Siemens SIMATIC WinCC Unified V18 Version: 0   < V18 Update 2
Siemens SIMATIC WinCC V16 Version: 0   < V16.7
Siemens SIMATIC WinCC V17 Version: 0   < V17.7
Siemens SIMATIC WinCC V18 Version: 0   < V18 Update 2
Siemens SIMOCODE ES V16 Version: 0   < V16 Update 7
Siemens SIMOCODE ES V17 Version: 0   < V17 Update 7
Siemens SIMOCODE ES V18 Version: 0   < V18 Update 2
Siemens SIMOTION SCOUT TIA V5.4 SP1 Version: 0   < *
Siemens SIMOTION SCOUT TIA V5.4 SP3 Version: 0   < *
Siemens SIMOTION SCOUT TIA V5.5 SP1 Version: 0   < *
Siemens SINAMICS Startdrive V16 Version: 0   < *
Siemens SINAMICS Startdrive V17 Version: 0   < *
Siemens SINAMICS Startdrive V18 Version: 0   < *
Siemens SIRIUS Safety ES V17 Version: 0   < V17 Update 7
Siemens SIRIUS Safety ES V18 Version: 0   < V18 Update 2
Siemens SIRIUS Soft Starter ES V17 Version: 0   < V17 Update 7
Siemens SIRIUS Soft Starter ES V18 Version: 0   < V18 Update 2
Siemens Soft Starter ES V16 Version: 0   < V16 Update 7
Siemens TIA Portal Cloud V3.0 Version: 0   < V18 Update 2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_step_7_safety:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_step_7_safety",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v16update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_step_7",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v16update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc_unified:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc_unified",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v16update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_wincc",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simocode_es",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v16update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simotion_scout_tia:v5.4sp1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simotion_scout_tia",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "v5.4sp1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simotion_scout_tia:v5.4sp3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simotion_scout_tia",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "v5.4sp3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:simotion_scout_tia:v5.5sp1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simotion_scout_tia",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "v5.5sp1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinamics_startdrive:v17:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_startdrive",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "v17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinamics_startdrive:v18:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinamics_startdrive",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "v18"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sirius_safety_es:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sirius_safety_es",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:sirius_soft_starter_es:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sirius_soft_starter_es",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v17update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "soft_starter_es",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v16update7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:tia_portal_cloud_v3.0:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tia_portal_cloud_v3.0",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v18update2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32735",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T19:09:33.343230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T21:03:01.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.4 SP1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.4 SP3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.5 SP1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Soft Starter ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V16 Update 7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V3.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions \u003c V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions \u003c V18 Update 2), SIMATIC STEP 7 V16 (All versions \u003c V16 Update 7), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 7), SIMATIC STEP 7 V18 (All versions \u003c V18 Update 2), SIMATIC WinCC Unified V16 (All versions \u003c V16 Update 7), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 7), SIMATIC WinCC Unified V18 (All versions \u003c V18 Update 2), SIMATIC WinCC V16 (All versions \u003c V16.7), SIMATIC WinCC V17 (All versions \u003c V17.7), SIMATIC WinCC V18 (All versions \u003c V18 Update 2), SIMOCODE ES V16 (All versions \u003c V16 Update 7), SIMOCODE ES V17 (All versions \u003c V17 Update 7), SIMOCODE ES V18 (All versions \u003c V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions \u003c V17 Update 7), SIRIUS Safety ES V18 (All versions \u003c V18 Update 2), SIRIUS Soft Starter ES V17 (All versions \u003c V17 Update 7), SIRIUS Soft Starter ES V18 (All versions \u003c V18 Update 2), Soft Starter ES V16 (All versions \u003c V16 Update 7), TIA Portal Cloud V3.0 (All versions \u003c V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T12:04:26.871Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-32735",
    "datePublished": "2024-07-09T12:04:26.871Z",
    "dateReserved": "2023-05-12T13:16:47.721Z",
    "dateUpdated": "2024-08-02T15:25:36.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}