cnvd - cnvd-2023-75584

cnvd-2023-75584

Vulnerability from cnvd

Title: Siemens Tecnomatix Plant Simulation越界读取漏洞（CNVD-2023-75584）

Description:

Siemens Tecnomatix Plant Simulation是德国西门子（Siemens）公司的一个工控设备。利用离散事件仿真的功能进行生产量分析和优化，进而改善制造系统性能。

Siemens Tecnomatix Plant Simulation存在越界读取漏洞，由于在解析特制的SPP文件时，受影响的应用程序包含超过分配结构末尾的越界读取。攻击者可利用该漏洞在当前进程的上下文中执行代码。

Severity: 高

Patch Name: Siemens Tecnomatix Plant Simulation越界读取漏洞（CNVD-2023-75584）的补丁

Patch Description:

Siemens Tecnomatix Plant Simulation是德国西门子（Siemens）公司的一个工控设备。利用离散事件仿真的功能进行生产量分析和优化，进而改善制造系统性能。

Siemens Tecnomatix Plant Simulation存在越界读取漏洞，由于在解析特制的SPP文件时，受影响的应用程序包含超过分配结构末尾的越界读取。攻击者可利用该漏洞在当前进程的上下文中执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-524778.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-524778.html

Impacted products

Name
['Siemens Tecnomatix Plant Simulation V2201 < V2201.0009', 'Siemens Tecnomatix Plant Simulation V2302 < V2302.0003']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-44084"
    }
  },
  "description": "Siemens Tecnomatix Plant Simulation\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5de5\u63a7\u8bbe\u5907\u3002\u5229\u7528\u79bb\u6563\u4e8b\u4ef6\u4eff\u771f\u7684\u529f\u80fd\u8fdb\u884c\u751f\u4ea7\u91cf\u5206\u6790\u548c\u4f18\u5316\uff0c\u8fdb\u800c\u6539\u5584\u5236\u9020\u7cfb\u7edf\u6027\u80fd\u3002\n\nSiemens Tecnomatix Plant Simulation\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5728\u89e3\u6790\u7279\u5236\u7684SPP\u6587\u4ef6\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5206\u914d\u7ed3\u6784\u672b\u5c3e\u7684\u8d8a\u754c\u8bfb\u53d6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-524778.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-75584",
  "openTime": "2023-10-13",
  "patchDescription": "Siemens Tecnomatix Plant Simulation\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5de5\u63a7\u8bbe\u5907\u3002\u5229\u7528\u79bb\u6563\u4e8b\u4ef6\u4eff\u771f\u7684\u529f\u80fd\u8fdb\u884c\u751f\u4ea7\u91cf\u5206\u6790\u548c\u4f18\u5316\uff0c\u8fdb\u800c\u6539\u5584\u5236\u9020\u7cfb\u7edf\u6027\u80fd\u3002\r\n\r\nSiemens Tecnomatix Plant Simulation\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5728\u89e3\u6790\u7279\u5236\u7684SPP\u6587\u4ef6\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5206\u914d\u7ed3\u6784\u672b\u5c3e\u7684\u8d8a\u754c\u8bfb\u53d6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Tecnomatix Plant Simulation\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2023-75584\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Tecnomatix Plant Simulation V2201 \u003c V2201.0009",
      "Siemens Tecnomatix Plant Simulation V2302 \u003c V2302.0003"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-524778.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-10-11",
  "title": "Siemens Tecnomatix Plant Simulation\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2023-75584\uff09"
}

CVE-2023-44084 (GCVE-0-2023-44084)

Vulnerability from cvelistv5

Published

2023-10-10 10:21

Modified

2025-02-27 20:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

CWE-125 - Out-of-bounds Read

Summary

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf

Impacted products

Vendor

Product

Version

▼

Siemens

Tecnomatix Plant Simulation V2201

Version: All versions < V2201.0009

Siemens

Tecnomatix Plant Simulation V2302

Version: All versions < V2302.0003

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:52:11.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:17.107801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:45:25.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Tecnomatix Plant Simulation V2201",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2201.0009"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Tecnomatix Plant Simulation V2302",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2302.0003"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0009), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T10:21:36.220Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-44084",
    "datePublished": "2023-10-10T10:21:36.220Z",
    "dateReserved": "2023-09-25T08:18:20.817Z",
    "dateUpdated": "2025-02-27T20:45:25.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted