cnvd - cnvd-2023-97276

cnvd-2023-97276

Vulnerability from cnvd

Title: Siemens User Management Component (UMC)经典缓冲区溢出漏洞

Description:

Opcenter Quality是一种质量管理体系（QMS），使组织能够通过提高流程稳定性来保障合规性、优化质量、降低缺陷和返工成本并实现卓越运营。SIMATIC PCS neo是一种分布式控制系统（DCS）。SINUMERIK集成产品套件有助于在生产环境的IT中实现机床的简单联网。Totally Integrated Automation Portal (TIA Portal)是一款PC软件，可提供西门子数字化自动化服务的完整范围，从数字规划、集成工程到透明操作。User Management Component (UMC) 是一个集成组件，可实现对用户的全系统集中维护。

Siemens User Management Component (UMC)存在经典缓冲区溢出漏洞，当处理端口4002/tcp上的特定请求时，受影响的应用程序包含超过已分配缓冲区末尾的越界写入。攻击者可利用该漏洞使应用程序崩溃。相应的服务在崩溃后自动重新启动。

Severity: 高

Patch Name: Siemens User Management Component (UMC)经典缓冲区溢出漏洞的补丁

Patch Description:

Siemens User Management Component (UMC)存在经典缓冲区溢出漏洞，当处理端口4002/tcp上的特定请求时，受影响的应用程序包含超过已分配缓冲区末尾的越界写入。攻击者可利用该漏洞使应用程序崩溃。相应的服务在崩溃后自动重新启动。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Impacted products

Name
['Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V14', 'Siemens Totally Integrated Automation Portal (TIA Portal) V15.1', 'Siemens SIMATIC PCS neo <4.1', 'Siemens Opcenter Quality', 'Siemens SINUMERIK Integrate RunMyHMI /Automotive', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18 < V18 Update 3']

Name

['Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V14', 'Siemens Totally Integrated Automation Portal (TIA Portal) V15.1', 'Siemens SIMATIC PCS neo <4.1', 'Siemens Opcenter Quality', 'Siemens SINUMERIK Integrate RunMyHMI /Automotive', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18 < V18 Update 3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-46283"
    }
  },
  "description": "Opcenter Quality\u662f\u4e00\u79cd\u8d28\u91cf\u7ba1\u7406\u4f53\u7cfb\uff08QMS\uff09\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u901a\u8fc7\u63d0\u9ad8\u6d41\u7a0b\u7a33\u5b9a\u6027\u6765\u4fdd\u969c\u5408\u89c4\u6027\u3001\u4f18\u5316\u8d28\u91cf\u3001\u964d\u4f4e\u7f3a\u9677\u548c\u8fd4\u5de5\u6210\u672c\u5e76\u5b9e\u73b0\u5353\u8d8a\u8fd0\u8425\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINUMERIK\u96c6\u6210\u4ea7\u54c1\u5957\u4ef6\u6709\u52a9\u4e8e\u5728\u751f\u4ea7\u73af\u5883\u7684IT\u4e2d\u5b9e\u73b0\u673a\u5e8a\u7684\u7b80\u5355\u8054\u7f51\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002User Management Component (UMC) \u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u5b9e\u73b0\u5bf9\u7528\u6237\u7684\u5168\u7cfb\u7edf\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC)\u5b58\u5728\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5f53\u5904\u7406\u7aef\u53e34002/tcp\u4e0a\u7684\u7279\u5b9a\u8bf7\u6c42\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5df2\u5206\u914d\u7f13\u51b2\u533a\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76f8\u5e94\u7684\u670d\u52a1\u5728\u5d29\u6e83\u540e\u81ea\u52a8\u91cd\u65b0\u542f\u52a8\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-999588.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-97276",
  "openTime": "2023-12-15",
  "patchDescription": "Opcenter Quality\u662f\u4e00\u79cd\u8d28\u91cf\u7ba1\u7406\u4f53\u7cfb\uff08QMS\uff09\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u901a\u8fc7\u63d0\u9ad8\u6d41\u7a0b\u7a33\u5b9a\u6027\u6765\u4fdd\u969c\u5408\u89c4\u6027\u3001\u4f18\u5316\u8d28\u91cf\u3001\u964d\u4f4e\u7f3a\u9677\u548c\u8fd4\u5de5\u6210\u672c\u5e76\u5b9e\u73b0\u5353\u8d8a\u8fd0\u8425\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINUMERIK\u96c6\u6210\u4ea7\u54c1\u5957\u4ef6\u6709\u52a9\u4e8e\u5728\u751f\u4ea7\u73af\u5883\u7684IT\u4e2d\u5b9e\u73b0\u673a\u5e8a\u7684\u7b80\u5355\u8054\u7f51\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002User Management Component (UMC) \u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u5b9e\u73b0\u5bf9\u7528\u6237\u7684\u5168\u7cfb\u7edf\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC)\u5b58\u5728\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5f53\u5904\u7406\u7aef\u53e34002/tcp\u4e0a\u7684\u7279\u5b9a\u8bf7\u6c42\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5df2\u5206\u914d\u7f13\u51b2\u533a\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76f8\u5e94\u7684\u670d\u52a1\u5728\u5d29\u6e83\u540e\u81ea\u52a8\u91cd\u65b0\u542f\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens User Management Component (UMC)\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Totally Integrated Automation Portal (TIA Portal) V16",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V17",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V14",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V15.1",
      "Siemens SIMATIC PCS neo \u003c4.1",
      "Siemens Opcenter Quality",
      "Siemens SINUMERIK Integrate RunMyHMI /Automotive",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V18 \u003c V18 Update 3"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-12-13",
  "title": "Siemens User Management Component (UMC)\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2023-46283 (GCVE-0-2023-46283)

Vulnerability from cvelistv5

Published

2023-12-12 11:27

Modified

2025-01-14 10:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Summary

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
	https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Impacted products

Vendor

Product

Version

▼

Siemens

Opcenter Execution Foundation

Version: 0 < V2407

Siemens	Opcenter Quality	Version: 0 < V2312
Siemens	SIMATIC PCS neo	Version: 0 < V4.1
Siemens	SINEC NMS	Version: 0 < V2.0 SP1
Siemens	Totally Integrated Automation Portal (TIA Portal) V14	Version: 0 < *
Siemens	Totally Integrated Automation Portal (TIA Portal) V15.1	Version: 0 < *
Siemens	Totally Integrated Automation Portal (TIA Portal) V16	Version: 0 < *
Siemens	Totally Integrated Automation Portal (TIA Portal) V17	Version: 0 < V17 Update 8
Siemens	Totally Integrated Automation Portal (TIA Portal) V18	Version: 0 < V18 Update 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:45:40.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Opcenter Execution Foundation",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2407",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINEC NMS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.0 SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V14",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T10:29:52.922Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-46283",
    "datePublished": "2023-12-12T11:27:14.437Z",
    "dateReserved": "2023-10-20T10:29:46.260Z",
    "dateUpdated": "2025-01-14T10:29:52.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted