cnvd - cnvd-2023-69811

cnvd-2023-69811

Vulnerability from cnvd

Title: Siemens Industrial产品WIBU系统CodeMeter堆缓冲区溢出漏洞

Description:

PSS(R)CAPE是一个输配电网保护仿真软件。PSS(R)E是一种用于输电运行和规划的电力系统仿真和分析工具。PSS(R)ODMS是一种基于CIM的网络模型管理工具，具有针对输电公用事业进行规划和运营规划的网络分析功能。SIMATIC PCS neo是一种分布式控制系统（DCS）。SIMATIC WinCC Open Architecture (OA) 是SIMATIC HMI系列的一部分。它被设计用于需要高度客户特定适应性的应用程序、大型或复杂的应用程序以及强加特定系统要求或功能的项目。SIMIT Simluation Platform允许模拟工厂设置，以便在早期规划阶段预测故障。SINEC INS (Infrastructure Network Services)是一个基于web的应用程序，它将各种网络服务组合在一个工具中。SINEMA Remote Connect是一个用于远程网络的管理平台，可以简单管理总部、服务技术人员和已安装机器或工厂之间的隧道连接（VPN）。

Siemens Industrial产品WIBU系统CodeMeter存在堆缓冲区溢出漏洞，该漏洞是由于未能正确的边界检查引起的。攻击者可利用该漏洞使缓冲区溢出并在系统上执行任意代码。

Severity: 高

Patch Name: Siemens Industrial产品WIBU系统CodeMeter堆缓冲区溢出漏洞的补丁

Patch Description:

Siemens Industrial产品WIBU系统CodeMeter存在堆缓冲区溢出漏洞，该漏洞是由于未能正确的边界检查引起的。攻击者可利用该漏洞使缓冲区溢出并在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-240541.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-240541.html

Impacted products

Name
['Siemens SINEC INS', 'Siemens SIMIT Simulation Platform', 'SIEMENS SINEMA Remote Connect', 'Siemens SIMATIC WinCC OA V3.17', 'Siemens SIMATIC WinCC OA V3.18', 'Siemens PSS(R)CAPE V14 < V14.2023-08-23', 'Siemens PSS(R)CAPE V15 < V15.0.22', 'Siemens PSS(R)E V34 < V34.9.6', 'Siemens PSS(R)ODMS V13.0', 'Siemens PSS(R)ODMS V13.1 < V13.1.12.1', 'Siemens SIMATIC PCS neo V3', 'Siemens SIMATIC PCS neo V4', 'Siemens SIMATIC WinCC OA V3.19 < V3.19 P006', 'Siemens PSS(R)E V35']

Name

['Siemens SINEC INS', 'Siemens SIMIT Simulation Platform', 'SIEMENS SINEMA Remote Connect', 'Siemens SIMATIC WinCC OA V3.17', 'Siemens SIMATIC WinCC OA V3.18', 'Siemens PSS(R)CAPE V14 < V14.2023-08-23', 'Siemens PSS(R)CAPE V15 < V15.0.22', 'Siemens PSS(R)E V34 < V34.9.6', 'Siemens PSS(R)ODMS V13.0', 'Siemens PSS(R)ODMS V13.1 < V13.1.12.1', 'Siemens SIMATIC PCS neo V3', 'Siemens SIMATIC PCS neo V4', 'Siemens SIMATIC WinCC OA V3.19 < V3.19 P006', 'Siemens PSS(R)E V35']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-3935"
    }
  },
  "description": "PSS(R)CAPE\u662f\u4e00\u4e2a\u8f93\u914d\u7535\u7f51\u4fdd\u62a4\u4eff\u771f\u8f6f\u4ef6\u3002PSS(R)E\u662f\u4e00\u79cd\u7528\u4e8e\u8f93\u7535\u8fd0\u884c\u548c\u89c4\u5212\u7684\u7535\u529b\u7cfb\u7edf\u4eff\u771f\u548c\u5206\u6790\u5de5\u5177\u3002PSS(R)ODMS\u662f\u4e00\u79cd\u57fa\u4e8eCIM\u7684\u7f51\u7edc\u6a21\u578b\u7ba1\u7406\u5de5\u5177\uff0c\u5177\u6709\u9488\u5bf9\u8f93\u7535\u516c\u7528\u4e8b\u4e1a\u8fdb\u884c\u89c4\u5212\u548c\u8fd0\u8425\u89c4\u5212\u7684\u7f51\u7edc\u5206\u6790\u529f\u80fd\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SIMATIC WinCC Open Architecture (OA) \u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002\u5b83\u88ab\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\u3001\u5927\u578b\u6216\u590d\u6742\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002SINEC INS (Infrastructure Network Services)\u662f\u4e00\u4e2a\u57fa\u4e8eweb\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u5c06\u5404\u79cd\u7f51\u7edc\u670d\u52a1\u7ec4\u5408\u5728\u4e00\u4e2a\u5de5\u5177\u4e2d\u3002SINEMA Remote Connect\u662f\u4e00\u4e2a\u7528\u4e8e\u8fdc\u7a0b\u7f51\u7edc\u7684\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u4ee5\u7b80\u5355\u7ba1\u7406\u603b\u90e8\u3001\u670d\u52a1\u6280\u672f\u4eba\u5458\u548c\u5df2\u5b89\u88c5\u673a\u5668\u6216\u5de5\u5382\u4e4b\u95f4\u7684\u96a7\u9053\u8fde\u63a5\uff08VPN\uff09\u3002\n\nSiemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-240541.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-69811",
  "openTime": "2023-09-14",
  "patchDescription": "PSS(R)CAPE\u662f\u4e00\u4e2a\u8f93\u914d\u7535\u7f51\u4fdd\u62a4\u4eff\u771f\u8f6f\u4ef6\u3002PSS(R)E\u662f\u4e00\u79cd\u7528\u4e8e\u8f93\u7535\u8fd0\u884c\u548c\u89c4\u5212\u7684\u7535\u529b\u7cfb\u7edf\u4eff\u771f\u548c\u5206\u6790\u5de5\u5177\u3002PSS(R)ODMS\u662f\u4e00\u79cd\u57fa\u4e8eCIM\u7684\u7f51\u7edc\u6a21\u578b\u7ba1\u7406\u5de5\u5177\uff0c\u5177\u6709\u9488\u5bf9\u8f93\u7535\u516c\u7528\u4e8b\u4e1a\u8fdb\u884c\u89c4\u5212\u548c\u8fd0\u8425\u89c4\u5212\u7684\u7f51\u7edc\u5206\u6790\u529f\u80fd\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SIMATIC WinCC Open Architecture (OA) \u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002\u5b83\u88ab\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\u3001\u5927\u578b\u6216\u590d\u6742\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002SINEC INS (Infrastructure Network Services)\u662f\u4e00\u4e2a\u57fa\u4e8eweb\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u5c06\u5404\u79cd\u7f51\u7edc\u670d\u52a1\u7ec4\u5408\u5728\u4e00\u4e2a\u5de5\u5177\u4e2d\u3002SINEMA Remote Connect\u662f\u4e00\u4e2a\u7528\u4e8e\u8fdc\u7a0b\u7f51\u7edc\u7684\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u4ee5\u7b80\u5355\u7ba1\u7406\u603b\u90e8\u3001\u670d\u52a1\u6280\u672f\u4eba\u5458\u548c\u5df2\u5b89\u88c5\u673a\u5668\u6216\u5de5\u5382\u4e4b\u95f4\u7684\u96a7\u9053\u8fde\u63a5\uff08VPN\uff09\u3002\r\n\r\nSiemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINEC INS",
      "Siemens SIMIT Simulation Platform",
      "SIEMENS SINEMA Remote Connect",
      "Siemens SIMATIC WinCC OA V3.17",
      "Siemens SIMATIC WinCC OA V3.18",
      "Siemens PSS(R)CAPE V14 \u003c V14.2023-08-23",
      "Siemens PSS(R)CAPE V15 \u003c V15.0.22",
      "Siemens PSS(R)E V34 \u003c V34.9.6",
      "Siemens PSS(R)ODMS V13.0",
      "Siemens PSS(R)ODMS V13.1 \u003c V13.1.12.1",
      "Siemens SIMATIC PCS neo V3",
      "Siemens SIMATIC PCS neo V4",
      "Siemens SIMATIC WinCC OA V3.19 \u003c V3.19 P006",
      "Siemens PSS(R)E V35"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-09-14",
  "title": "Siemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2023-3935 (GCVE-0-2023-3935)

Vulnerability from cvelistv5

Published

2023-09-13 13:19

Modified

2025-08-27 20:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

References

▼	URL	Tags
	https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf
	https://cert.vde.com/en/advisories/VDE-2023-031/
	https://cert.vde.com/en/advisories/VDE-2023-030/

Impacted products

Vendor

Product

Version

▼

Version: 0.0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:55.835781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:32:53.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CodeMeter Runtime",
          "vendor": "Wibu",
          "versions": [
            {
              "lessThanOrEqual": "7.60b",
              "status": "affected",
              "version": "0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "CodeMeter Runtime",
          "vendor": "Wibu",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.21g"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
            }
          ],
          "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-19T07:00:20.911Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#64566"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wibu: Buffer Overflow in CodeMeter Runtime",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-3935",
    "datePublished": "2023-09-13T13:19:18.392Z",
    "dateReserved": "2023-07-25T13:02:40.206Z",
    "dateUpdated": "2025-08-27T20:32:53.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted