cnvd-2024-31238
Vulnerability from cnvd

Title: Siemens多款工业产品OPC UA服务器拒绝服务漏洞

Description:

SIMATIC Energy Manager为用户提供了一个可扩展的、非特定行业的能源数据管理系统。SIMATIC IPC DiagBase诊断软件可早期识别SIMATIC工控机上的任何潜在故障,并有助于避免或减少系统停机时间。SIMATIC IPC DiagMonitor监视、报告、可视化并记录SIMATIC工控机的系统状态。它与其他系统通信,并在事件发生时作出反应。SIMIT Simluation Platform允许模拟工厂设置,以便在早期规划阶段预测故障。

Siemens多款工业产品OPC UA服务器存在拒绝服务漏洞,攻击者可利用该漏洞导致高负载情况和内存耗尽,并可能阻塞服务器。

Severity:

Patch Name: Siemens多款工业产品OPC UA服务器拒绝服务漏洞的补丁

Patch Description:

SIMATIC Energy Manager为用户提供了一个可扩展的、非特定行业的能源数据管理系统。SIMATIC IPC DiagBase诊断软件可早期识别SIMATIC工控机上的任何潜在故障,并有助于避免或减少系统停机时间。SIMATIC IPC DiagMonitor监视、报告、可视化并记录SIMATIC工控机的系统状态。它与其他系统通信,并在事件发生时作出反应。SIMIT Simluation Platform允许模拟工厂设置,以便在早期规划阶段预测故障。

Siemens多款工业产品OPC UA服务器存在拒绝服务漏洞,攻击者可利用该漏洞导致高负载情况和内存耗尽,并可能阻塞服务器。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-088132.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-088132.html

Impacted products
Name
['Siemens SIMATIC IPC DiagMonitor', 'SIEMENS SIMATIC IPC DiagBase null', 'Siemens SIMATIC Energy Manager Basic < V7.5', 'Siemens SIMATIC Energy Manager PRO < V7.5', 'Siemens SIMIT V10', 'Siemens SIMIT V11 < V11.1']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-52891"
    }
  },
  "description": "SIMATIC Energy Manager\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u3001\u975e\u7279\u5b9a\u884c\u4e1a\u7684\u80fd\u6e90\u6570\u636e\u7ba1\u7406\u7cfb\u7edf\u3002SIMATIC IPC DiagBase\u8bca\u65ad\u8f6f\u4ef6\u53ef\u65e9\u671f\u8bc6\u522bSIMATIC\u5de5\u63a7\u673a\u4e0a\u7684\u4efb\u4f55\u6f5c\u5728\u6545\u969c\uff0c\u5e76\u6709\u52a9\u4e8e\u907f\u514d\u6216\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u3002SIMATIC IPC DiagMonitor\u76d1\u89c6\u3001\u62a5\u544a\u3001\u53ef\u89c6\u5316\u5e76\u8bb0\u5f55SIMATIC\u5de5\u63a7\u673a\u7684\u7cfb\u7edf\u72b6\u6001\u3002\u5b83\u4e0e\u5176\u4ed6\u7cfb\u7edf\u901a\u4fe1\uff0c\u5e76\u5728\u4e8b\u4ef6\u53d1\u751f\u65f6\u4f5c\u51fa\u53cd\u5e94\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002\n\nSiemens\u591a\u6b3e\u5de5\u4e1a\u4ea7\u54c1OPC UA\u670d\u52a1\u5668\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u548c\u5185\u5b58\u8017\u5c3d\uff0c\u5e76\u53ef\u80fd\u963b\u585e\u670d\u52a1\u5668\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-088132.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-31238",
  "openTime": "2024-07-10",
  "patchDescription": "SIMATIC Energy Manager\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u3001\u975e\u7279\u5b9a\u884c\u4e1a\u7684\u80fd\u6e90\u6570\u636e\u7ba1\u7406\u7cfb\u7edf\u3002SIMATIC IPC DiagBase\u8bca\u65ad\u8f6f\u4ef6\u53ef\u65e9\u671f\u8bc6\u522bSIMATIC\u5de5\u63a7\u673a\u4e0a\u7684\u4efb\u4f55\u6f5c\u5728\u6545\u969c\uff0c\u5e76\u6709\u52a9\u4e8e\u907f\u514d\u6216\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u3002SIMATIC IPC DiagMonitor\u76d1\u89c6\u3001\u62a5\u544a\u3001\u53ef\u89c6\u5316\u5e76\u8bb0\u5f55SIMATIC\u5de5\u63a7\u673a\u7684\u7cfb\u7edf\u72b6\u6001\u3002\u5b83\u4e0e\u5176\u4ed6\u7cfb\u7edf\u901a\u4fe1\uff0c\u5e76\u5728\u4e8b\u4ef6\u53d1\u751f\u65f6\u4f5c\u51fa\u53cd\u5e94\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002\r\n\r\nSiemens\u591a\u6b3e\u5de5\u4e1a\u4ea7\u54c1OPC UA\u670d\u52a1\u5668\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u548c\u5185\u5b58\u8017\u5c3d\uff0c\u5e76\u53ef\u80fd\u963b\u585e\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens\u591a\u6b3e\u5de5\u4e1a\u4ea7\u54c1OPC UA\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC IPC DiagMonitor",
      "SIEMENS SIMATIC IPC DiagBase null",
      "Siemens SIMATIC Energy Manager Basic \u003c V7.5",
      "Siemens SIMATIC Energy Manager PRO \u003c V7.5",
      "Siemens SIMIT V10",
      "Siemens SIMIT V11 \u003c V11.1"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-10",
  "title": "Siemens\u591a\u6b3e\u5de5\u4e1a\u4ea7\u54c1OPC UA\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.