Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-3935 (GCVE-0-2023-3935)
Vulnerability from cvelistv5
Published
2023-09-13 13:19
Modified
2025-08-27 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wibu | CodeMeter Runtime |
Version: 0.0 < |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:55.835781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:53.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"lessThanOrEqual": "7.60b",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "unaffected",
"version": "7.21g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T07:00:20.911Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"source": {
"defect": [
"CERT@VDE#64566"
],
"discovery": "UNKNOWN"
},
"title": "Wibu: Buffer Overflow in CodeMeter Runtime",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3935",
"datePublished": "2023-09-13T13:19:18.392Z",
"dateReserved": "2023-07-25T13:02:40.206Z",
"dateUpdated": "2025-08-27T20:32:53.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-3935\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-09-13T14:15:09.147\",\"lastModified\":\"2024-11-21T08:18:21.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.60c\",\"matchCriteriaId\":\"5F783582-7E13-457E-96E9-8FD2D58580F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"3.0.22\",\"matchCriteriaId\":\"6BCF0613-5F59-4DAA-9DDB-A9322892353A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.1\",\"versionEndIncluding\":\"4.6.3\",\"matchCriteriaId\":\"9648C643-3213-4D0B-A3E0-6C4A092E8DAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.02.r8\",\"versionEndIncluding\":\"23.06.01\",\"matchCriteriaId\":\"56F0DB5E-5F18-4DA4-9488-242351FE5994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"926A92BB-2001-4176-9F73-F7F40F4D58CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.00\",\"versionEndIncluding\":\"22.00.00\",\"matchCriteriaId\":\"903A6767-5E6D-4E98-A756-A3FC99BAF13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.2\",\"versionEndIncluding\":\"1.11.1\",\"matchCriteriaId\":\"54F8DF4D-3C69-4117-88A4-9C0F6838C7DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"08.00\",\"versionEndIncluding\":\"12.01.00.00\",\"matchCriteriaId\":\"8360F8C5-1F88-420F-91B2-C75EC8A97A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"09.09.02\",\"matchCriteriaId\":\"3240055F-E26E-4BE9-89A9-D50A6FA5E8F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.00\",\"versionEndIncluding\":\"02.26.0\",\"matchCriteriaId\":\"7CD0343C-7A91-4CF7-B70B-CB2569FFE679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.00\",\"versionEndIncluding\":\"06.01\",\"matchCriteriaId\":\"EB6D30E6-031C-4104-A573-2FD3773E1CDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"06.00.23.00\",\"versionEndIncluding\":\"16.0.22\",\"matchCriteriaId\":\"B55ED3C4-B111-4A8C-BB9F-A50FCCC38432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.00.23.00\",\"versionEndIncluding\":\"22.8.25\",\"matchCriteriaId\":\"A4180D87-1915-4868-9328-D310282DD7C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.06.20\",\"versionEndIncluding\":\"20.04.20.00\",\"matchCriteriaId\":\"3C7823FE-A87C-494B-AB35-AB2830884282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"00.06.00\",\"versionEndIncluding\":\"01.00\",\"matchCriteriaId\":\"A257AA96-76DA-47CC-A3BA-3CCFB719C62E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.02\",\"matchCriteriaId\":\"607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.198.241\",\"versionEndIncluding\":\"9.0.28148.1\",\"matchCriteriaId\":\"1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"08.00\",\"versionEndIncluding\":\"14.06.150\",\"matchCriteriaId\":\"D88C313D-95E2-44EA-A895-F4CA659A5846\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*\",\"versionEndIncluding\":\"1.6\",\"matchCriteriaId\":\"E8198A71-1EA7-4DAC-8D4F-EB646A0DC635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"C8751F63-3D03-434A-BF4E-67320F6672FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"907E5EB3-8346-4371-9CFF-0F885CC0529E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"C9659319-4AEC-4112-9EAC-7892C0A37AA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB44DD6D-7685-4346-91BC-30CB9531982A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2023.6\",\"matchCriteriaId\":\"170FABD2-23D5-4885-AA09-B4130F945564\"}]}]}],\"references\":[{\"url\":\"https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-030/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-031/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-030/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-031/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-031/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-030/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.775Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3935\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:50:55.835781Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T20:36:59.547Z\"}}], \"cna\": {\"title\": \"Wibu: Buffer Overflow in CodeMeter Runtime\", \"source\": {\"defect\": [\"CERT@VDE#64566\"], \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Wibu\", \"product\": \"CodeMeter Runtime\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.60b\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Wibu\", \"product\": \"CodeMeter Runtime\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"7.21g\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf\"}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-031/\"}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-030/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-09-19T07:00:20.911Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3935\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-27T20:32:53.842Z\", \"dateReserved\": \"2023-07-25T13:02:40.206Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2023-09-13T13:19:18.392Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
sca-2023-0009
Vulnerability from csaf_sick
Published
2023-09-29 10:00
Modified
2023-09-29 10:00
Summary
Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products
Notes
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems.
To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server.
If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
},
{
"category": "summary",
"text": "Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems.\nTo exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server.\nIf CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter."
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://www.sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.json"
},
{
"category": "self",
"summary": "The canonical PDF URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.pdf"
}
],
"title": "Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products",
"tracking": {
"current_release_date": "2023-09-29T10:00:00.000Z",
"generator": {
"date": "2023-12-04T10:36:43.371Z",
"engine": {
"name": "Secvisogram",
"version": "2.2.16"
}
},
"id": "SCA-2023-0009",
"initial_release_date": "2023-09-29T10:00:00.000Z",
"revision_history": [
{
"date": "2023-09-29T10:00:00.000Z",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2023-10-06T10:00:00.000Z",
"number": "2",
"summary": "Updated fixed version of LiDAR-LOC."
},
{
"date": "2023-12-04T11:00:00.000Z",
"number": "3",
"summary": "Added self reference in CSAF"
},
{
"date": "2025-07-30T07:30:00.000Z",
"number": "4",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.8.0",
"product": {
"name": "SICK SIM2000ST-E \u003e=1.8.0",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"skus": [
"1112345",
"1117588"
]
}
}
}
],
"category": "product_name",
"name": "SIM2000ST-E"
}
],
"category": "product_family",
"name": "SIM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK AppEngine x86 all versions",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"skus": [
"1613796"
]
}
}
}
],
"category": "product_name",
"name": "AppEngine"
}
],
"category": "product_family",
"name": "AppEngine"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=FW L4M 2022.4",
"product": {
"name": "SICK TDC-E \u003e=FW L4M 2022.4",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"skus": [
"6070344",
"6079357"
]
}
}
}
],
"category": "product_name",
"name": "TDC-E"
}
],
"category": "product_family",
"name": "TDC-E"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.1",
"product": {
"name": "SICK LiDAR-LOC \u003c2.4.1",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"skus": [
"1122752",
"1122751"
]
}
}
}
],
"category": "product_name",
"name": "LiDAR-LOC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.1",
"product": {
"name": "SICK CODE-LOC \u003c2.4.1",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"skus": [
"1132922"
]
}
}
}
],
"category": "product_name",
"name": "CODE-LOC"
}
],
"category": "product_family",
"name": "LiDAR-Lokalisierung"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FlowGate all versions",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "FlowGate"
}
],
"category": "product_family",
"name": "FlowGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.8.0",
"product": {
"name": "SICK SIM2000ST-E Firmware \u003e1.8.0",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "SIM2000ST-E Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK AppEngine Firmware all versions",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "AppEngine Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=FW L4M 2022.4",
"product": {
"name": "SICK TDC-E Firmware \u003e=FW L4M 2022.4",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "TDC-E Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK LiDAR-LOC Firmware all versions",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "LiDAR-LOC Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK CODE-LOC Firmware all versions",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "CODE-LOC Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK SIM2000ST-E all Firmware versions",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0022",
"relates_to_product_reference": "CSAFPID-0016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK AppEngine all Firmware versions",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0023",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK TDC-E \u003c=FW L4M 2022.3 with Firmware \u003c=FW L4M 2022.3",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0024",
"relates_to_product_reference": "CSAFPID-0018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK LiDAR-LOC all Firmware versions",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0025",
"relates_to_product_reference": "CSAFPID-0019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK CODE-LOC all Firmware versions",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0026",
"relates_to_product_reference": "CSAFPID-0020"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"references": [
{
"category": "external",
"summary": "Wibu-Systems Advisory",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
}
],
"remediations": [
{
"category": "mitigation",
"details": "If possible, run CodeMeter as client only. Otherwise restrict access to server to required clients only by implementing an access list.\nGeneral security best practices can help to protect systems from local and network attacks.",
"product_ids": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a codemeter runtime version \u003e=7.60c.\n",
"product_ids": [
"CSAFPID-0021"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a codemeter runtime version \u003e=7.60c.\n\n*\tLinux x86: \n\n * Stop running SICK AppEngine \n\n * Uninstall Codemeter: sudo dpkg -r CodeMeter\n\n * Download Codemeter \u003e= 7.60c \n\n * Install Codemeter: sudo dpkg -i ./codemeter_7.xx.xxxx.xxx_amd64.deb\n\n * Start SICK AppEngine \n\n*\tWindows: \n\n * Stop running SICK AppEngine \n\n * Uninstall Codemeter using Windows settings app \n\n * Download Codemeter \u003e= 7.60c \n\n * Install CodeMeterRuntime.exe \n\n * Enter URL in browser: http://localhost:22352/configuration/server_access.html\n\n * Configuration \u003e Server \u003e Server Access \n\n * Check Network Server enabled \n\n * Start SICK AppEngine",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a version \u003e= 2.4.1.",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "Wibu-Systems CVE"
}
]
}
SCA-2023-0009
Vulnerability from csaf_sick
Published
2023-09-29 10:00
Modified
2023-09-29 10:00
Summary
Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products
Notes
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems.
To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server.
If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
},
{
"category": "summary",
"text": "Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems.\nTo exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server.\nIf CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter."
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://www.sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.json"
},
{
"category": "self",
"summary": "The canonical PDF URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.pdf"
}
],
"title": "Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products",
"tracking": {
"current_release_date": "2023-09-29T10:00:00.000Z",
"generator": {
"date": "2023-12-04T10:36:43.371Z",
"engine": {
"name": "Secvisogram",
"version": "2.2.16"
}
},
"id": "SCA-2023-0009",
"initial_release_date": "2023-09-29T10:00:00.000Z",
"revision_history": [
{
"date": "2023-09-29T10:00:00.000Z",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2023-10-06T10:00:00.000Z",
"number": "2",
"summary": "Updated fixed version of LiDAR-LOC."
},
{
"date": "2023-12-04T11:00:00.000Z",
"number": "3",
"summary": "Added self reference in CSAF"
},
{
"date": "2025-07-30T07:30:00.000Z",
"number": "4",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.8.0",
"product": {
"name": "SICK SIM2000ST-E \u003e=1.8.0",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"skus": [
"1112345",
"1117588"
]
}
}
}
],
"category": "product_name",
"name": "SIM2000ST-E"
}
],
"category": "product_family",
"name": "SIM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK AppEngine x86 all versions",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"skus": [
"1613796"
]
}
}
}
],
"category": "product_name",
"name": "AppEngine"
}
],
"category": "product_family",
"name": "AppEngine"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=FW L4M 2022.4",
"product": {
"name": "SICK TDC-E \u003e=FW L4M 2022.4",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"skus": [
"6070344",
"6079357"
]
}
}
}
],
"category": "product_name",
"name": "TDC-E"
}
],
"category": "product_family",
"name": "TDC-E"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.1",
"product": {
"name": "SICK LiDAR-LOC \u003c2.4.1",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"skus": [
"1122752",
"1122751"
]
}
}
}
],
"category": "product_name",
"name": "LiDAR-LOC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.1",
"product": {
"name": "SICK CODE-LOC \u003c2.4.1",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"skus": [
"1132922"
]
}
}
}
],
"category": "product_name",
"name": "CODE-LOC"
}
],
"category": "product_family",
"name": "LiDAR-Lokalisierung"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK FlowGate all versions",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "FlowGate"
}
],
"category": "product_family",
"name": "FlowGate"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.8.0",
"product": {
"name": "SICK SIM2000ST-E Firmware \u003e1.8.0",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "SIM2000ST-E Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK AppEngine Firmware all versions",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "AppEngine Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=FW L4M 2022.4",
"product": {
"name": "SICK TDC-E Firmware \u003e=FW L4M 2022.4",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "TDC-E Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK LiDAR-LOC Firmware all versions",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "LiDAR-LOC Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK CODE-LOC Firmware all versions",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "CODE-LOC Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK SIM2000ST-E all Firmware versions",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0022",
"relates_to_product_reference": "CSAFPID-0016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK AppEngine all Firmware versions",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0023",
"relates_to_product_reference": "CSAFPID-0017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK TDC-E \u003c=FW L4M 2022.3 with Firmware \u003c=FW L4M 2022.3",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0024",
"relates_to_product_reference": "CSAFPID-0018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK LiDAR-LOC all Firmware versions",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0025",
"relates_to_product_reference": "CSAFPID-0019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK CODE-LOC all Firmware versions",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0026",
"relates_to_product_reference": "CSAFPID-0020"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
},
"references": [
{
"category": "external",
"summary": "Wibu-Systems Advisory",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
}
],
"remediations": [
{
"category": "mitigation",
"details": "If possible, run CodeMeter as client only. Otherwise restrict access to server to required clients only by implementing an access list.\nGeneral security best practices can help to protect systems from local and network attacks.",
"product_ids": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a codemeter runtime version \u003e=7.60c.\n",
"product_ids": [
"CSAFPID-0021"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a codemeter runtime version \u003e=7.60c.\n\n*\tLinux x86: \n\n * Stop running SICK AppEngine \n\n * Uninstall Codemeter: sudo dpkg -r CodeMeter\n\n * Download Codemeter \u003e= 7.60c \n\n * Install Codemeter: sudo dpkg -i ./codemeter_7.xx.xxxx.xxx_amd64.deb\n\n * Start SICK AppEngine \n\n*\tWindows: \n\n * Stop running SICK AppEngine \n\n * Uninstall Codemeter using Windows settings app \n\n * Download Codemeter \u003e= 7.60c \n\n * Install CodeMeterRuntime.exe \n\n * Enter URL in browser: http://localhost:22352/configuration/server_access.html\n\n * Configuration \u003e Server \u003e Server Access \n\n * Check Network Server enabled \n\n * Start SICK AppEngine",
"product_ids": [
"CSAFPID-0017"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"category": "vendor_fix",
"details": "Update to a version \u003e= 2.4.1.",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
]
}
],
"title": "Wibu-Systems CVE"
}
]
}
ICSA-23-320-03
Vulnerability from csaf_cisa
Published
2023-11-14 00:00
Modified
2024-08-13 00:00
Summary
Siemens Desigo CC product family
Notes
Summary
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.
While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.
Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.\nSuccessful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.\nWhile all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.\n\nSiemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625850.json"
},
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625850.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-320-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-320-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-320-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Desigo CC product family",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-320-03",
"initial_release_date": "2023-11-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-11-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added SENTRON powermanager"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V6",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Desigo CC family V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V7",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Desigo CC family V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V4.0",
"product": {
"name": "SENTRON powermanager",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SENTRON powermanager"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20093",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the CodeMeter Runtime network server could cause the server to return packets containing data from the heap.\n\nAn unauthenticated remote attacker could exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-20093"
},
{
"cve": "CVE-2021-20094",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the HTTP(S) service of the CodeMeter Runtime CmWAN server could cause the server to crash.\n\nAn unauthenticated remote attacker with access to the CmWAN port could exploit this issue to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-20094"
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-3935"
}
]
}
icsa-24-004-01
Vulnerability from csaf_cisa
Published
2024-01-04 07:00
Modified
2024-01-04 07:00
Summary
Rockwell Automation FactoryTalk Activation
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploits that specifically target these vulnerabilities have been reported to CISA at this time.
{
"document": {
"acknowledgments": [
{
"names": [
"an anonymous researcher"
],
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits that specifically target these vulnerabilities have been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-004-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-004-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-004-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation FactoryTalk Activation",
"tracking": {
"current_release_date": "2024-01-04T07:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-004-01",
"initial_release_date": "2024-01-04T07:00:00.000000Z",
"revision_history": [
{
"date": "2024-01-04T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.00_Utilizes_Wibu-Systems_CodeMeter_7.60c",
"product": {
"name": "Rockwell Automation Factory Talk Activation Manager: \u003cV4.00_Utilizes_Wibu-Systems_CodeMeter_7.60c",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Factory Talk Activation Manager"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems\u0027 products which internally use a version of libcurl that is vulnerable to a buffer overflow attack if curl is configured to redirect traffic through a SOCKS5 proxy. A malicious proxy can exploit a bug in the implemented handshake to cause a buffer overflow. If no SOCKS5 proxy has been configured, there is no attack surface.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38545"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users of the affected software are encouraged to apply the risk mitigations, if possible:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Upgrade to FactoryTalk Activation Manager 5.01 which has been patched to mitigate these issues.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems see our suggested security best practices.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users to implement their suggested security best practices to minimize risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information, please see the security advisory from Rockwell Automation",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html?sort=pubAsc"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems\u0027 products which contain a heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to Version 7.60b that allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3935"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users of the affected software are encouraged to apply the risk mitigations, if possible:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Upgrade to FactoryTalk Activation Manager 5.01 which has been patched to mitigate these issues.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems see our suggested security best practices.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users to implement their suggested security best practices to minimize risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information, please see the security advisory from Rockwell Automation",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html?sort=pubAsc"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
icsa-23-257-06
Vulnerability from csaf_cisa
Published
2023-09-12 00:00
Modified
2024-05-14 00:00
Summary
Siemans WIBU Systems CodeMeter
Notes
Summary
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.
The vulnerability is described in the section 'Vulnerability Classification' below and got assigned the CVE ID CVE-2023-3935.
Successful exploitation of this vulnerability could allow
- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or
- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.\n\nThe vulnerability is described in the section \u0027Vulnerability Classification\u0027 below and got assigned the CVE ID CVE-2023-3935.\nSuccessful exploitation of this vulnerability could allow\n\n- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or\n- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-240541.json"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240541.pdf"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-240541.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-257-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-257-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-257-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemans WIBU Systems CodeMeter",
"tracking": {
"current_release_date": "2024-05-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-257-06",
"initial_release_date": "2023-09-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-09-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2023-10-10T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for PSS(R)E V35, SIMATIC WinCC OA V3.17 and SIMATIC WinCC OA V3.18; no fix planned for SIMATIC PCS neo V4.0"
},
{
"date": "2023-12-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SINEC INS"
},
{
"date": "2024-05-14T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMIT Simulation Platform"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV14.2023-08-23",
"product": {
"name": "PSS(R)CAPE V14",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV15.0.22",
"product": {
"name": "PSS(R)CAPE V15",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV34.9.6",
"product": {
"name": "PSS(R)E V34",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "PSS(R)E V34"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV35.6.1",
"product": {
"name": "PSS(R)E V35",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "PSS(R)E V35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PSS(R)ODMS V13.0",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV13.1.12.1",
"product": {
"name": "PSS(R)ODMS V13.1",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V3",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.17_P030",
"product": {
"name": "SIMATIC WinCC OA V3.17",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.18_P021",
"product": {
"name": "SIMATIC WinCC OA V3.18",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.19_P006",
"product": {
"name": "SIMATIC WinCC OA V3.19",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V10.0\u003cV11.2",
"product": {
"name": "SIMIT Simulation Platform",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "SIMIT Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0_SP2_Update_2",
"product": {
"name": "SINEC INS",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEMA Remote Connect",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If CodeMeter Runtime is configured as server: Limit remote access to systems where the CodeMeter Runtime network server is running",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0006"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 2 or later version",
"product_ids": [
"CSAFPID-0013"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109825710/"
},
{
"category": "vendor_fix",
"details": "Update to V11.2 or later version",
"product_ids": [
"CSAFPID-0012"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109954445/"
},
{
"category": "vendor_fix",
"details": "Update to V13.1.12.1 or later version",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "Update to V15.0.22 or later version",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P030 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.18 P021 or later version",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.19 P006 or later version",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V34.9.6 or later version",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to V35.6.1 or later version",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "CAPE V14 installations installed from material dated 2023-08-23 or later are not affected, as they contain a fixed version of CodeMeter Runtime.\n\nFor installations of CAPE V14 using material earlier than 2023-08-23: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to \ufb01x the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "workaround",
"details": "If CodeMeter Runtime is configured as client only in the affected product: Ensure that only trusted persons have access to the system and avoid the configuration of additional local accounts",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
}
],
"title": "CVE-2023-3935"
}
]
}
ICSA-23-257-06
Vulnerability from csaf_cisa
Published
2023-09-12 00:00
Modified
2024-05-14 00:00
Summary
Siemans WIBU Systems CodeMeter
Notes
Summary
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.
The vulnerability is described in the section 'Vulnerability Classification' below and got assigned the CVE ID CVE-2023-3935.
Successful exploitation of this vulnerability could allow
- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or
- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.\n\nThe vulnerability is described in the section \u0027Vulnerability Classification\u0027 below and got assigned the CVE ID CVE-2023-3935.\nSuccessful exploitation of this vulnerability could allow\n\n- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or\n- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-240541.json"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240541.pdf"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-240541.txt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-257-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-257-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-257-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemans WIBU Systems CodeMeter",
"tracking": {
"current_release_date": "2024-05-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-257-06",
"initial_release_date": "2023-09-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-09-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2023-10-10T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for PSS(R)E V35, SIMATIC WinCC OA V3.17 and SIMATIC WinCC OA V3.18; no fix planned for SIMATIC PCS neo V4.0"
},
{
"date": "2023-12-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SINEC INS"
},
{
"date": "2024-05-14T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMIT Simulation Platform"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV14.2023-08-23",
"product": {
"name": "PSS(R)CAPE V14",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV15.0.22",
"product": {
"name": "PSS(R)CAPE V15",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV34.9.6",
"product": {
"name": "PSS(R)E V34",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "PSS(R)E V34"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV35.6.1",
"product": {
"name": "PSS(R)E V35",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "PSS(R)E V35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PSS(R)ODMS V13.0",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV13.1.12.1",
"product": {
"name": "PSS(R)ODMS V13.1",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V3",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.17_P030",
"product": {
"name": "SIMATIC WinCC OA V3.17",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.18_P021",
"product": {
"name": "SIMATIC WinCC OA V3.18",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.19_P006",
"product": {
"name": "SIMATIC WinCC OA V3.19",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V10.0\u003cV11.2",
"product": {
"name": "SIMIT Simulation Platform",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "SIMIT Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0_SP2_Update_2",
"product": {
"name": "SINEC INS",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEMA Remote Connect",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If CodeMeter Runtime is configured as server: Limit remote access to systems where the CodeMeter Runtime network server is running",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0006"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 2 or later version",
"product_ids": [
"CSAFPID-0013"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109825710/"
},
{
"category": "vendor_fix",
"details": "Update to V11.2 or later version",
"product_ids": [
"CSAFPID-0012"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109954445/"
},
{
"category": "vendor_fix",
"details": "Update to V13.1.12.1 or later version",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "Update to V15.0.22 or later version",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P030 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.18 P021 or later version",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.19 P006 or later version",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V34.9.6 or later version",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to V35.6.1 or later version",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "CAPE V14 installations installed from material dated 2023-08-23 or later are not affected, as they contain a fixed version of CodeMeter Runtime.\n\nFor installations of CAPE V14 using material earlier than 2023-08-23: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to \ufb01x the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "workaround",
"details": "If CodeMeter Runtime is configured as client only in the affected product: Ensure that only trusted persons have access to the system and avoid the configuration of additional local accounts",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014"
]
}
],
"title": "CVE-2023-3935"
}
]
}
icsa-23-320-03
Vulnerability from csaf_cisa
Published
2023-11-14 00:00
Modified
2024-08-13 00:00
Summary
Siemens Desigo CC product family
Notes
Summary
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.
While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.
Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.\nSuccessful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.\nWhile all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.\n\nSiemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625850.json"
},
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625850.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-320-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-320-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-320-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Desigo CC product family",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-320-03",
"initial_release_date": "2023-11-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-11-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added SENTRON powermanager"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V6",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Desigo CC family V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V7",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Desigo CC family V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V4.0",
"product": {
"name": "SENTRON powermanager",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SENTRON powermanager"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20093",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the CodeMeter Runtime network server could cause the server to return packets containing data from the heap.\n\nAn unauthenticated remote attacker could exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-20093"
},
{
"cve": "CVE-2021-20094",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the HTTP(S) service of the CodeMeter Runtime CmWAN server could cause the server to crash.\n\nAn unauthenticated remote attacker with access to the CmWAN port could exploit this issue to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0005"
]
}
],
"title": "CVE-2021-20094"
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-3935"
}
]
}
icsa-25-182-02
Vulnerability from csaf_cisa
Published
2023-11-28 07:00
Modified
2023-12-05 07:00
Summary
FESTO Automation Suite, FluidDraw, and Festo Didactic Products
Notes
General recomendation
Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN.
Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes.
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
- Use devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
Summary
A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of several Festo products, was found. An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction. This could lead to remote code execution and escalation of privileges giving full admin access on the host system for an already authenticated user (logged in locally to the PC).
Disclaimer
Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.
In addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Festo SE & Co. KG fsa-202305 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE & Co. KG directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://cert.vde.com/"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "general",
"text": "Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN.\n\nFesto strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \n\nAs part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: \n- Use devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside \n- Use firewalls to protect and separate the control system network from other networks \n- Use VPN (Virtual Private Networks) tunnels if remote access is required \n- Activate and apply user management and password features \n- Use encrypted communication links \n- Limit the access to both development and control system by physical means, operating system features, etc. \n- Protect both development and control system by using up to date virus detecting solutions",
"title": "General recomendation"
},
{
"category": "summary",
"text": "A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of several Festo products, was found. An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction. This could lead to remote code execution and escalation of privileges giving full admin access on the host system for an already authenticated user (logged in locally to the PC).",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\nIn addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.",
"title": "Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Festo SE \u0026 Co. KG fsa-202305 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE \u0026 Co. KG directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-182-02.json"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://cert.vde.com/en/advisories/vendor/festo/"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "FESTO Automation Suite, FluidDraw, and Festo Didactic Products",
"tracking": {
"aliases": [
"VDE-2023-036"
],
"current_release_date": "2023-12-05T07:00:00.000000Z",
"generator": {
"date": "2025-07-01T15:37:43.746271Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-182-02",
"initial_release_date": "2023-11-28T07:00:00.000000Z",
"revision_history": [
{
"date": "2023-11-28T07:00:00.000000Z",
"number": "1.0.0",
"summary": "Initial version"
},
{
"date": "2023-12-05T08:00:00.000000Z",
"number": "1.1.0",
"summary": "Removed \u0027MES4 (v3)\u0027, \u0027MES4 (\u003c=v2)\u0027 and \u0027Energy-PC\u0027 from affected products as they do not install WIBU CodeMeter Runtime."
}
],
"status": "final",
"version": "1.1.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.6.0.481",
"product": {
"name": "FESTO Festo Automation Suite \u003c= 2.6.0.481",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:FestoAutomationSuite"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8074657"
}
]
}
}
}
],
"category": "product_name",
"name": "Festo Automation Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "P6_\u003c=6.2k",
"product": {
"name": "FESTO FluidDraw P6 \u003c= 6.2k",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:FluidDraw"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8085496"
}
]
}
}
},
{
"category": "product_version_range",
"name": "365_\u003c=7.0a",
"product": {
"name": "FESTO FluidDraw 365 \u003c= 7.0a",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:FluidDraw"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8085497"
}
]
}
}
}
],
"category": "product_name",
"name": "FluidDraw"
}
],
"category": "vendor",
"name": "FESTO"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=6.0.0|\u003c=6.4.6",
"product": {
"name": "FESTO Didactic CIROS Studio / Education 6.0.0 - 6.4.6",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8038980"
}
]
}
}
},
{
"category": "product_version_range",
"name": "\u003e=7.0.0|\u003c=7.1.7",
"product": {
"name": "FESTO Didactic CIROS Studio / Education 7.0.0 - 7.1.7",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8140772"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8140773"
}
]
}
}
}
],
"category": "product_name",
"name": "CIROS Studio / Education"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5_all",
"product": {
"name": "FESTO Didactic FluidSIM 5 all versions",
"product_id": "CSAFPID-0006"
}
},
{
"category": "product_version_range",
"name": "6_\u003c=6.1c",
"product": {
"name": "FESTO Didactic FluidSIM 6 \u003c= 6.1c",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148657"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148658"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148659"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148812"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148813"
},
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:8148814"
}
]
}
}
}
],
"category": "product_name",
"name": "FluidSIM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cshipped_December_2023",
"product": {
"name": "FESTO Didactic MES-PC shipped before December 2023",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "MES-PC"
}
],
"category": "vendor",
"name": "FESTO Didactic"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006",
"CSAFPID-0008",
"CSAFPID-0005",
"CSAFPID-0007"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2023-08-14T10:00:00.000000Z",
"details": "Update CodeMeter Runtime to version \u003e= 7.60c\nThe latest version of CodeMeter Runtime can be downloaded from WIBU System\u0027s web site.",
"product_ids": [
"CSAFPID-0004",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0005",
"CSAFPID-0008"
],
"url": "https://www.wibu.com/support/user/user-software.html"
},
{
"category": "vendor_fix",
"date": "2024-10-07T10:00:00.000000Z",
"details": "Planned Fix in Summer Release 2024",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest version.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0001"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "LOW",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "LOW",
"environmentalScore": 8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"integrityRequirement": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:L/IR:L/AR:L",
"version": "3.1"
},
"products": [
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0008"
]
}
],
"title": "CVE-2023-3935"
}
]
}
ICSA-24-004-01
Vulnerability from csaf_cisa
Published
2024-01-04 07:00
Modified
2024-01-04 07:00
Summary
Rockwell Automation FactoryTalk Activation
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploits that specifically target these vulnerabilities have been reported to CISA at this time.
{
"document": {
"acknowledgments": [
{
"names": [
"an anonymous researcher"
],
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits that specifically target these vulnerabilities have been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-004-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-004-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-004-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation FactoryTalk Activation",
"tracking": {
"current_release_date": "2024-01-04T07:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-004-01",
"initial_release_date": "2024-01-04T07:00:00.000000Z",
"revision_history": [
{
"date": "2024-01-04T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.00_Utilizes_Wibu-Systems_CodeMeter_7.60c",
"product": {
"name": "Rockwell Automation Factory Talk Activation Manager: \u003cV4.00_Utilizes_Wibu-Systems_CodeMeter_7.60c",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Factory Talk Activation Manager"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems\u0027 products which internally use a version of libcurl that is vulnerable to a buffer overflow attack if curl is configured to redirect traffic through a SOCKS5 proxy. A malicious proxy can exploit a bug in the implemented handshake to cause a buffer overflow. If no SOCKS5 proxy has been configured, there is no attack surface.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38545"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users of the affected software are encouraged to apply the risk mitigations, if possible:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Upgrade to FactoryTalk Activation Manager 5.01 which has been patched to mitigate these issues.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems see our suggested security best practices.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users to implement their suggested security best practices to minimize risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information, please see the security advisory from Rockwell Automation",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html?sort=pubAsc"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems\u0027 products which contain a heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to Version 7.60b that allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3935"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users of the affected software are encouraged to apply the risk mitigations, if possible:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Upgrade to FactoryTalk Activation Manager 5.01 which has been patched to mitigate these issues.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems see our suggested security best practices.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users to implement their suggested security best practices to minimize risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information, please see the security advisory from Rockwell Automation",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html?sort=pubAsc"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
gsd-2023-3935
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-3935",
"id": "GSD-2023-3935"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-3935"
],
"details": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
"id": "GSD-2023-3935",
"modified": "2023-12-13T01:20:54.754607Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2023-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CodeMeter Runtime",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.0",
"version_value": "7.60b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "unaffected",
"version": "7.21g"
}
]
}
}
]
}
}
]
},
"vendor_name": "Wibu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-787",
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf",
"refsource": "MISC",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2023-031/",
"refsource": "MISC",
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2023-030/",
"refsource": "MISC",
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
]
},
"source": {
"defect": [
"CERT@VDE#64566"
],
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F783582-7E13-457E-96E9-8FD2D58580F5",
"versionEndExcluding": "7.60c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCF0613-5F59-4DAA-9DDB-A9322892353A",
"versionEndIncluding": "3.0.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9648C643-3213-4D0B-A3E0-6C4A092E8DAE",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56F0DB5E-5F18-4DA4-9488-242351FE5994",
"versionEndIncluding": "23.06.01",
"versionStartIncluding": "18.02.r8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "926A92BB-2001-4176-9F73-F7F40F4D58CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903A6767-5E6D-4E98-A756-A3FC99BAF13F",
"versionEndIncluding": "22.00.00",
"versionStartIncluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F8DF4D-3C69-4117-88A4-9C0F6838C7DD",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8360F8C5-1F88-420F-91B2-C75EC8A97A0C",
"versionEndIncluding": "12.01.00.00",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3240055F-E26E-4BE9-89A9-D50A6FA5E8F1",
"versionEndIncluding": "09.09.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD0343C-7A91-4CF7-B70B-CB2569FFE679",
"versionEndIncluding": "02.26.0",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6D30E6-031C-4104-A573-2FD3773E1CDF",
"versionEndIncluding": "06.01",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED3C4-B111-4A8C-BB9F-A50FCCC38432",
"versionEndIncluding": "16.0.22",
"versionStartIncluding": "06.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4180D87-1915-4868-9328-D310282DD7C4",
"versionEndIncluding": "22.8.25",
"versionStartIncluding": "15.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7823FE-A87C-494B-AB35-AB2830884282",
"versionEndIncluding": "20.04.20.00",
"versionStartIncluding": "14.06.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A257AA96-76DA-47CC-A3BA-3CCFB719C62E",
"versionEndIncluding": "01.00",
"versionStartIncluding": "00.06.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1",
"versionStartIncluding": "01.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9",
"versionEndIncluding": "9.0.28148.1",
"versionStartIncluding": "7.0.198.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D88C313D-95E2-44EA-A895-F4CA659A5846",
"versionEndIncluding": "14.06.150",
"versionStartIncluding": "08.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*",
"matchCriteriaId": "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8751F63-3D03-434A-BF4E-67320F6672FD",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5EB3-8346-4371-9CFF-0F885CC0529E",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9659319-4AEC-4112-9EAC-7892C0A37AA8",
"versionEndExcluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "BB44DD6D-7685-4346-91BC-30CB9531982A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "170FABD2-23D5-4885-AA09-B4130F945564",
"versionEndIncluding": "2023.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n."
}
],
"id": "CVE-2023-3935",
"lastModified": "2024-01-25T20:24:58.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-09-13T14:15:09.147",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
}
}
}
fkie_cve-2023-3935
Vulnerability from fkie_nvd
Published
2023-09-13 14:15
Modified
2024-11-21 08:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf | Vendor Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-030/ | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-031/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-030/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-031/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wibu | codemeter_runtime | * | |
| trumpf | oseon | * | |
| trumpf | programmingtube | * | |
| trumpf | teczonebend | * | |
| trumpf | tops_unfold | 05.03.00.00 | |
| trumpf | topscalculation | * | |
| trumpf | trumpflicenseexpert | * | |
| trumpf | trutops | * | |
| trumpf | trutops_cell_classic | * | |
| trumpf | trutops_cell_sw48 | * | |
| trumpf | trutops_mark_3d | * | |
| trumpf | trutopsboost | * | |
| trumpf | trutopsfab | * | |
| trumpf | trutopsfab_storage_smallstore | * | |
| trumpf | trutopsprint | * | |
| trumpf | trutopsprintmultilaserassistant | * | |
| trumpf | trutopsweld | * | |
| trumpf | tubedesign | * | |
| phoenixcontact | activation_wizard | * | |
| phoenixcontact | e-mobility_charging_suite | * | |
| phoenixcontact | fl_network_manager | * | |
| phoenixcontact | iol-conf | * | |
| phoenixcontact | module_type_package_designer | * | |
| phoenixcontact | module_type_package_designer | 1.2.0 | |
| phoenixcontact | plcnext_engineer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F783582-7E13-457E-96E9-8FD2D58580F5",
"versionEndExcluding": "7.60c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCF0613-5F59-4DAA-9DDB-A9322892353A",
"versionEndIncluding": "3.0.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9648C643-3213-4D0B-A3E0-6C4A092E8DAE",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56F0DB5E-5F18-4DA4-9488-242351FE5994",
"versionEndIncluding": "23.06.01",
"versionStartIncluding": "18.02.r8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "926A92BB-2001-4176-9F73-F7F40F4D58CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903A6767-5E6D-4E98-A756-A3FC99BAF13F",
"versionEndIncluding": "22.00.00",
"versionStartIncluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F8DF4D-3C69-4117-88A4-9C0F6838C7DD",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8360F8C5-1F88-420F-91B2-C75EC8A97A0C",
"versionEndIncluding": "12.01.00.00",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3240055F-E26E-4BE9-89A9-D50A6FA5E8F1",
"versionEndIncluding": "09.09.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD0343C-7A91-4CF7-B70B-CB2569FFE679",
"versionEndIncluding": "02.26.0",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6D30E6-031C-4104-A573-2FD3773E1CDF",
"versionEndIncluding": "06.01",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED3C4-B111-4A8C-BB9F-A50FCCC38432",
"versionEndIncluding": "16.0.22",
"versionStartIncluding": "06.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4180D87-1915-4868-9328-D310282DD7C4",
"versionEndIncluding": "22.8.25",
"versionStartIncluding": "15.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7823FE-A87C-494B-AB35-AB2830884282",
"versionEndIncluding": "20.04.20.00",
"versionStartIncluding": "14.06.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A257AA96-76DA-47CC-A3BA-3CCFB719C62E",
"versionEndIncluding": "01.00",
"versionStartIncluding": "00.06.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1",
"versionStartIncluding": "01.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9",
"versionEndIncluding": "9.0.28148.1",
"versionStartIncluding": "7.0.198.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D88C313D-95E2-44EA-A895-F4CA659A5846",
"versionEndIncluding": "14.06.150",
"versionStartIncluding": "08.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*",
"matchCriteriaId": "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8751F63-3D03-434A-BF4E-67320F6672FD",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5EB3-8346-4371-9CFF-0F885CC0529E",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9659319-4AEC-4112-9EAC-7892C0A37AA8",
"versionEndExcluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "BB44DD6D-7685-4346-91BC-30CB9531982A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "170FABD2-23D5-4885-AA09-B4130F945564",
"versionEndIncluding": "2023.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n."
}
],
"id": "CVE-2023-3935",
"lastModified": "2024-11-21T08:18:21.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-09-13T14:15:09.147",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2023-69811
Vulnerability from cnvd
Title
Siemens Industrial产品WIBU系统CodeMeter堆缓冲区溢出漏洞
Description
PSS(R)CAPE是一个输配电网保护仿真软件。PSS(R)E是一种用于输电运行和规划的电力系统仿真和分析工具。PSS(R)ODMS是一种基于CIM的网络模型管理工具,具有针对输电公用事业进行规划和运营规划的网络分析功能。SIMATIC PCS neo是一种分布式控制系统(DCS)。SIMATIC WinCC Open Architecture (OA) 是SIMATIC HMI系列的一部分。它被设计用于需要高度客户特定适应性的应用程序、大型或复杂的应用程序以及强加特定系统要求或功能的项目。SIMIT Simluation Platform允许模拟工厂设置,以便在早期规划阶段预测故障。SINEC INS (Infrastructure Network Services)是一个基于web的应用程序,它将各种网络服务组合在一个工具中。SINEMA Remote Connect是一个用于远程网络的管理平台,可以简单管理总部、服务技术人员和已安装机器或工厂之间的隧道连接(VPN)。
Siemens Industrial产品WIBU系统CodeMeter存在堆缓冲区溢出漏洞,该漏洞是由于未能正确的边界检查引起的。攻击者可利用该漏洞使缓冲区溢出并在系统上执行任意代码。
Severity
高
VLAI Severity ?
Patch Name
Siemens Industrial产品WIBU系统CodeMeter堆缓冲区溢出漏洞的补丁
Patch Description
PSS(R)CAPE是一个输配电网保护仿真软件。PSS(R)E是一种用于输电运行和规划的电力系统仿真和分析工具。PSS(R)ODMS是一种基于CIM的网络模型管理工具,具有针对输电公用事业进行规划和运营规划的网络分析功能。SIMATIC PCS neo是一种分布式控制系统(DCS)。SIMATIC WinCC Open Architecture (OA) 是SIMATIC HMI系列的一部分。它被设计用于需要高度客户特定适应性的应用程序、大型或复杂的应用程序以及强加特定系统要求或功能的项目。SIMIT Simluation Platform允许模拟工厂设置,以便在早期规划阶段预测故障。SINEC INS (Infrastructure Network Services)是一个基于web的应用程序,它将各种网络服务组合在一个工具中。SINEMA Remote Connect是一个用于远程网络的管理平台,可以简单管理总部、服务技术人员和已安装机器或工厂之间的隧道连接(VPN)。
Siemens Industrial产品WIBU系统CodeMeter存在堆缓冲区溢出漏洞,该漏洞是由于未能正确的边界检查引起的。攻击者可利用该漏洞使缓冲区溢出并在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-240541.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-240541.html
Impacted products
| Name | ['Siemens SINEC INS', 'Siemens SIMIT Simulation Platform', 'SIEMENS SINEMA Remote Connect', 'Siemens SIMATIC WinCC OA V3.17', 'Siemens SIMATIC WinCC OA V3.18', 'Siemens PSS(R)CAPE V14 < V14.2023-08-23', 'Siemens PSS(R)CAPE V15 < V15.0.22', 'Siemens PSS(R)E V34 < V34.9.6', 'Siemens PSS(R)ODMS V13.0', 'Siemens PSS(R)ODMS V13.1 < V13.1.12.1', 'Siemens SIMATIC PCS neo V3', 'Siemens SIMATIC PCS neo V4', 'Siemens SIMATIC WinCC OA V3.19 < V3.19 P006', 'Siemens PSS(R)E V35'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-3935"
}
},
"description": "PSS(R)CAPE\u662f\u4e00\u4e2a\u8f93\u914d\u7535\u7f51\u4fdd\u62a4\u4eff\u771f\u8f6f\u4ef6\u3002PSS(R)E\u662f\u4e00\u79cd\u7528\u4e8e\u8f93\u7535\u8fd0\u884c\u548c\u89c4\u5212\u7684\u7535\u529b\u7cfb\u7edf\u4eff\u771f\u548c\u5206\u6790\u5de5\u5177\u3002PSS(R)ODMS\u662f\u4e00\u79cd\u57fa\u4e8eCIM\u7684\u7f51\u7edc\u6a21\u578b\u7ba1\u7406\u5de5\u5177\uff0c\u5177\u6709\u9488\u5bf9\u8f93\u7535\u516c\u7528\u4e8b\u4e1a\u8fdb\u884c\u89c4\u5212\u548c\u8fd0\u8425\u89c4\u5212\u7684\u7f51\u7edc\u5206\u6790\u529f\u80fd\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SIMATIC WinCC Open Architecture (OA) \u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002\u5b83\u88ab\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\u3001\u5927\u578b\u6216\u590d\u6742\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002SINEC INS (Infrastructure Network Services)\u662f\u4e00\u4e2a\u57fa\u4e8eweb\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u5c06\u5404\u79cd\u7f51\u7edc\u670d\u52a1\u7ec4\u5408\u5728\u4e00\u4e2a\u5de5\u5177\u4e2d\u3002SINEMA Remote Connect\u662f\u4e00\u4e2a\u7528\u4e8e\u8fdc\u7a0b\u7f51\u7edc\u7684\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u4ee5\u7b80\u5355\u7ba1\u7406\u603b\u90e8\u3001\u670d\u52a1\u6280\u672f\u4eba\u5458\u548c\u5df2\u5b89\u88c5\u673a\u5668\u6216\u5de5\u5382\u4e4b\u95f4\u7684\u96a7\u9053\u8fde\u63a5\uff08VPN\uff09\u3002\n\nSiemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-240541.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-69811",
"openTime": "2023-09-14",
"patchDescription": "PSS(R)CAPE\u662f\u4e00\u4e2a\u8f93\u914d\u7535\u7f51\u4fdd\u62a4\u4eff\u771f\u8f6f\u4ef6\u3002PSS(R)E\u662f\u4e00\u79cd\u7528\u4e8e\u8f93\u7535\u8fd0\u884c\u548c\u89c4\u5212\u7684\u7535\u529b\u7cfb\u7edf\u4eff\u771f\u548c\u5206\u6790\u5de5\u5177\u3002PSS(R)ODMS\u662f\u4e00\u79cd\u57fa\u4e8eCIM\u7684\u7f51\u7edc\u6a21\u578b\u7ba1\u7406\u5de5\u5177\uff0c\u5177\u6709\u9488\u5bf9\u8f93\u7535\u516c\u7528\u4e8b\u4e1a\u8fdb\u884c\u89c4\u5212\u548c\u8fd0\u8425\u89c4\u5212\u7684\u7f51\u7edc\u5206\u6790\u529f\u80fd\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SIMATIC WinCC Open Architecture (OA) \u662fSIMATIC HMI\u7cfb\u5217\u7684\u4e00\u90e8\u5206\u3002\u5b83\u88ab\u8bbe\u8ba1\u7528\u4e8e\u9700\u8981\u9ad8\u5ea6\u5ba2\u6237\u7279\u5b9a\u9002\u5e94\u6027\u7684\u5e94\u7528\u7a0b\u5e8f\u3001\u5927\u578b\u6216\u590d\u6742\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53ca\u5f3a\u52a0\u7279\u5b9a\u7cfb\u7edf\u8981\u6c42\u6216\u529f\u80fd\u7684\u9879\u76ee\u3002SIMIT Simluation Platform\u5141\u8bb8\u6a21\u62df\u5de5\u5382\u8bbe\u7f6e\uff0c\u4ee5\u4fbf\u5728\u65e9\u671f\u89c4\u5212\u9636\u6bb5\u9884\u6d4b\u6545\u969c\u3002SINEC INS (Infrastructure Network Services)\u662f\u4e00\u4e2a\u57fa\u4e8eweb\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u5c06\u5404\u79cd\u7f51\u7edc\u670d\u52a1\u7ec4\u5408\u5728\u4e00\u4e2a\u5de5\u5177\u4e2d\u3002SINEMA Remote Connect\u662f\u4e00\u4e2a\u7528\u4e8e\u8fdc\u7a0b\u7f51\u7edc\u7684\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u4ee5\u7b80\u5355\u7ba1\u7406\u603b\u90e8\u3001\u670d\u52a1\u6280\u672f\u4eba\u5458\u548c\u5df2\u5b89\u88c5\u673a\u5668\u6216\u5de5\u5382\u4e4b\u95f4\u7684\u96a7\u9053\u8fde\u63a5\uff08VPN\uff09\u3002\r\n\r\nSiemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8fb9\u754c\u68c0\u67e5\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7f13\u51b2\u533a\u6ea2\u51fa\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SINEC INS",
"Siemens SIMIT Simulation Platform",
"SIEMENS SINEMA Remote Connect",
"Siemens SIMATIC WinCC OA V3.17",
"Siemens SIMATIC WinCC OA V3.18",
"Siemens PSS(R)CAPE V14 \u003c V14.2023-08-23",
"Siemens PSS(R)CAPE V15 \u003c V15.0.22",
"Siemens PSS(R)E V34 \u003c V34.9.6",
"Siemens PSS(R)ODMS V13.0",
"Siemens PSS(R)ODMS V13.1 \u003c V13.1.12.1",
"Siemens SIMATIC PCS neo V3",
"Siemens SIMATIC PCS neo V4",
"Siemens SIMATIC WinCC OA V3.19 \u003c V3.19 P006",
"Siemens PSS(R)E V35"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html",
"serverity": "\u9ad8",
"submitTime": "2023-09-14",
"title": "Siemens Industrial\u4ea7\u54c1WIBU\u7cfb\u7edfCodeMeter\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
ssa-625850
Vulnerability from csaf_siemens
Published
2023-11-14 00:00
Modified
2024-08-13 00:00
Summary
SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager
Notes
Summary
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.
While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.
Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.\nSuccessful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.\nWhile all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.\n\nSiemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625850.html"
},
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625850.json"
}
],
"title": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-625850",
"initial_release_date": "2023-11-14T00:00:00Z",
"revision_history": [
{
"date": "2023-11-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added SENTRON powermanager"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.0",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.1",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V6",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Desigo CC family V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V7",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Desigo CC family V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V4.0",
"product": {
"name": "SENTRON powermanager",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SENTRON powermanager"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20093",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the CodeMeter Runtime network server could cause the server to return packets containing data from the heap.\n\nAn unauthenticated remote attacker could exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"5"
]
}
],
"title": "CVE-2021-20093"
},
{
"cve": "CVE-2021-20094",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the HTTP(S) service of the CodeMeter Runtime CmWAN server could cause the server to crash.\n\nAn unauthenticated remote attacker with access to the CmWAN port could exploit this issue to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"5"
]
}
],
"title": "CVE-2021-20094"
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3935"
}
]
}
SSA-625850
Vulnerability from csaf_siemens
Published
2023-11-14 00:00
Modified
2024-08-13 00:00
Summary
SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager
Notes
Summary
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.
While all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.
Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime.\nSuccessful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition.\nWhile all Desigo CC version lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.\n\nSiemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625850.html"
},
{
"category": "self",
"summary": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625850.json"
}
],
"title": "SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-625850",
"initial_release_date": "2023-11-14T00:00:00Z",
"revision_history": [
{
"date": "2023-11-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added SENTRON powermanager"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.0",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.1",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V6",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Desigo CC family V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V7",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Desigo CC family V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V4.0",
"product": {
"name": "SENTRON powermanager",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SENTRON powermanager"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20093",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the CodeMeter Runtime network server could cause the server to return packets containing data from the heap.\n\nAn unauthenticated remote attacker could exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"5"
]
}
],
"title": "CVE-2021-20093"
},
{
"cve": "CVE-2021-20094",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read vulnerability in the HTTP(S) service of the CodeMeter Runtime CmWAN server could cause the server to crash.\n\nAn unauthenticated remote attacker with access to the CmWAN port could exploit this issue to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"5"
]
}
],
"title": "CVE-2021-20094"
},
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Install the patch (available at \nhttps://support.industry.siemens.com/cs/ww/en/view/109825787/), which can be applied to all released versions",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3935"
}
]
}
ssa-240541
Vulnerability from csaf_siemens
Published
2023-09-12 00:00
Modified
2024-05-14 00:00
Summary
SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products
Notes
Summary
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.
The vulnerability is described in the section 'Vulnerability Classification' below and got assigned the CVE ID CVE-2023-3935.
Successful exploitation of this vulnerability could allow
- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or
- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.\n\nThe vulnerability is described in the section \u0027Vulnerability Classification\u0027 below and got assigned the CVE ID CVE-2023-3935.\nSuccessful exploitation of this vulnerability could allow\n\n- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or\n- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-240541.json"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240541.pdf"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-240541.txt"
}
],
"title": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products",
"tracking": {
"current_release_date": "2024-05-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-240541",
"initial_release_date": "2023-09-12T00:00:00Z",
"revision_history": [
{
"date": "2023-09-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2023-10-10T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for PSS(R)E V35, SIMATIC WinCC OA V3.17 and SIMATIC WinCC OA V3.18; no fix planned for SIMATIC PCS neo V4.0"
},
{
"date": "2023-12-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SINEC INS"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMIT Simulation Platform"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V14.2023-08-23",
"product": {
"name": "PSS(R)CAPE V14",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV15.0.22",
"product": {
"name": "PSS(R)CAPE V15",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV34.9.6",
"product": {
"name": "PSS(R)E V34",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "PSS(R)E V34"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV35.6.1",
"product": {
"name": "PSS(R)E V35",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "PSS(R)E V35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PSS(R)ODMS V13.0",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV13.1.12.1",
"product": {
"name": "PSS(R)ODMS V13.1",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V3",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.17 P030",
"product": {
"name": "SIMATIC WinCC OA V3.17",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.18 P021",
"product": {
"name": "SIMATIC WinCC OA V3.18",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.19 P006",
"product": {
"name": "SIMATIC WinCC OA V3.19",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V10.0\u003cV11.2",
"product": {
"name": "SIMIT Simulation Platform",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMIT Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V1.0 SP2 Update 2",
"product": {
"name": "SINEC INS",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEMA Remote Connect",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If CodeMeter Runtime is configured as server: Limit remote access to systems where the CodeMeter Runtime network server is running",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"2",
"3",
"6"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"7",
"8",
"14"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 2 or later version",
"product_ids": [
"13"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109825710/"
},
{
"category": "vendor_fix",
"details": "Update to V11.2 or later version",
"product_ids": [
"12"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109954445/"
},
{
"category": "vendor_fix",
"details": "Update to V13.1.12.1 or later version",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Update to V15.0.22 or later version",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P030 or later version",
"product_ids": [
"9"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.18 P021 or later version",
"product_ids": [
"10"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.19 P006 or later version",
"product_ids": [
"11"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V34.9.6 or later version",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V35.6.1 or later version",
"product_ids": [
"4"
]
},
{
"category": "vendor_fix",
"details": "CAPE V14 installations installed from material dated 2023-08-23 or later are not affected, as they contain a fixed version of CodeMeter Runtime.\n\nFor installations of CAPE V14 using material earlier than 2023-08-23: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to \ufb01x the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"5"
]
},
{
"category": "workaround",
"details": "If CodeMeter Runtime is configured as client only in the affected product: Ensure that only trusted persons have access to the system and avoid the configuration of additional local accounts",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
}
],
"title": "CVE-2023-3935"
}
]
}
SSA-240541
Vulnerability from csaf_siemens
Published
2023-09-12 00:00
Modified
2024-05-14 00:00
Summary
SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products
Notes
Summary
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.
The vulnerability is described in the section 'Vulnerability Classification' below and got assigned the CVE ID CVE-2023-3935.
Successful exploitation of this vulnerability could allow
- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or
- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.\n\nThe vulnerability is described in the section \u0027Vulnerability Classification\u0027 below and got assigned the CVE ID CVE-2023-3935.\nSuccessful exploitation of this vulnerability could allow\n\n- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or\n- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-240541.json"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-240541.pdf"
},
{
"category": "self",
"summary": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-240541.txt"
}
],
"title": "SSA-240541: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products",
"tracking": {
"current_release_date": "2024-05-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-240541",
"initial_release_date": "2023-09-12T00:00:00Z",
"revision_history": [
{
"date": "2023-09-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2023-10-10T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for PSS(R)E V35, SIMATIC WinCC OA V3.17 and SIMATIC WinCC OA V3.18; no fix planned for SIMATIC PCS neo V4.0"
},
{
"date": "2023-12-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SINEC INS"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMIT Simulation Platform"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V14.2023-08-23",
"product": {
"name": "PSS(R)CAPE V14",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV15.0.22",
"product": {
"name": "PSS(R)CAPE V15",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "PSS(R)CAPE V15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV34.9.6",
"product": {
"name": "PSS(R)E V34",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "PSS(R)E V34"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV35.6.1",
"product": {
"name": "PSS(R)E V35",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "PSS(R)E V35"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PSS(R)ODMS V13.0",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV13.1.12.1",
"product": {
"name": "PSS(R)ODMS V13.1",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "PSS(R)ODMS V13.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V3",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.17 P030",
"product": {
"name": "SIMATIC WinCC OA V3.17",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.18 P021",
"product": {
"name": "SIMATIC WinCC OA V3.18",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.19 P006",
"product": {
"name": "SIMATIC WinCC OA V3.19",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V10.0\u003cV11.2",
"product": {
"name": "SIMIT Simulation Platform",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMIT Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V1.0 SP2 Update 2",
"product": {
"name": "SINEC INS",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEMA Remote Connect",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To\r\nexploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege. (WIBU-230704-01)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If CodeMeter Runtime is configured as server: Limit remote access to systems where the CodeMeter Runtime network server is running",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"4"
]
},
{
"category": "mitigation",
"details": "For affected versions: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"2",
"3",
"6"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"7",
"8",
"14"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP2 Update 2 or later version",
"product_ids": [
"13"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109825710/"
},
{
"category": "vendor_fix",
"details": "Update to V11.2 or later version",
"product_ids": [
"12"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109954445/"
},
{
"category": "vendor_fix",
"details": "Update to V13.1.12.1 or later version",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Update to V15.0.22 or later version",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P030 or later version",
"product_ids": [
"9"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.18 P021 or later version",
"product_ids": [
"10"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V3.19 P006 or later version",
"product_ids": [
"11"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V34.9.6 or later version",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Update to V35.6.1 or later version",
"product_ids": [
"4"
]
},
{
"category": "vendor_fix",
"details": "CAPE V14 installations installed from material dated 2023-08-23 or later are not affected, as they contain a fixed version of CodeMeter Runtime.\n\nFor installations of CAPE V14 using material earlier than 2023-08-23: Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to fix the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Install WIBU Systems CodeMeter Runtime V7.60c or later version manually to \ufb01x the issue: Download the package from \nhttps://www.wibu.com/support/user/user-software.html and follow the installation instructions from WIBU Systems.",
"product_ids": [
"5"
]
},
{
"category": "workaround",
"details": "If CodeMeter Runtime is configured as client only in the affected product: Ensure that only trusted persons have access to the system and avoid the configuration of additional local accounts",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14"
]
}
],
"title": "CVE-2023-3935"
}
]
}
WID-SEC-W-2023-2311
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-01-22 23:00
Summary
Wibu-Systems CodeMeter: Schwachstelle ermöglicht Codeausführung und Privilegienerweiterung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.
Angriff
Ein entfernter anonymer Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um beliebigen Code auszuführen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um beliebigen Code auszuf\u00fchren oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2311 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2311.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2311 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2311"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-240541 vom 2023-09-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "external",
"summary": "WIBU Security Advisory WIBU-230802-01 vom 2023-08-17",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230802-01.pdf"
}
],
"source_lang": "en-US",
"title": "Wibu-Systems CodeMeter: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und Privilegienerweiterung",
"tracking": {
"current_release_date": "2024-01-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.711+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2311",
"initial_release_date": "2023-09-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von WIBU-SYSTEMS aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Wibu-Systems CodeMeter",
"product": {
"name": "Wibu-Systems CodeMeter",
"product_id": "T029822",
"product_identification_helper": {
"cpe": "cpe:/a:wibu:codemeter:-"
}
}
}
],
"category": "vendor",
"name": "Wibu-Systems"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Wibu-Systems CodeMeter. Dieser Fehler besteht aufgrund eines Heap-Puffer\u00fcberlaufs in der Runtime-Komponente. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T029822"
]
},
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-3935"
}
]
}
wid-sec-w-2023-2311
Vulnerability from csaf_certbund
Published
2023-09-12 22:00
Modified
2024-01-22 23:00
Summary
Wibu-Systems CodeMeter: Schwachstelle ermöglicht Codeausführung und Privilegienerweiterung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.
Angriff
Ein entfernter anonymer Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um beliebigen Code auszuführen oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um beliebigen Code auszuf\u00fchren oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2311 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2311.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2311 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2311"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-240541 vom 2023-09-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"category": "external",
"summary": "WIBU Security Advisory WIBU-230802-01 vom 2023-08-17",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230802-01.pdf"
}
],
"source_lang": "en-US",
"title": "Wibu-Systems CodeMeter: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und Privilegienerweiterung",
"tracking": {
"current_release_date": "2024-01-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:15.711+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2311",
"initial_release_date": "2023-09-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von WIBU-SYSTEMS aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Wibu-Systems CodeMeter",
"product": {
"name": "Wibu-Systems CodeMeter",
"product_id": "T029822",
"product_identification_helper": {
"cpe": "cpe:/a:wibu:codemeter:-"
}
}
}
],
"category": "vendor",
"name": "Wibu-Systems"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Wibu-Systems CodeMeter. Dieser Fehler besteht aufgrund eines Heap-Puffer\u00fcberlaufs in der Runtime-Komponente. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T029822"
]
},
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-3935"
}
]
}
WID-SEC-W-2024-0943
Vulnerability from csaf_certbund
Published
2024-04-21 22:00
Modified
2025-01-07 23:00
Summary
CODESYS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder einen Brute-Force-Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder einen Brute-Force-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0943 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0943.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0943 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0943"
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-06-27",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17090\u0026token=6cd08b169916366df31388d2e7ba58e7bce93508\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-04-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17555\u0026token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-03-08",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17764\u0026token=4b2f3cf3a800d076b22f18d49f278bd8883dbd46\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-10-31",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17765\u0026token=04e117e1408fdb8e02b4bc821aa3be819668aef4\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-08-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17766\u0026token=667d36292e99e6f6b7eb8c0b4a86d27137c31f98\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-10-31",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17767\u0026token=7ed2d9324eff98a0a319c455d0256dc7627c705e\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-08-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17768\u0026token=9d206ea9e0449cd9d3ee60d5179d2761dad2d2dd\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-07-26",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17769\u0026token=a1a34cd304aebfbc1e2619e401a9a6cb5d4dc117\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-12-05",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17809\u0026token=c3b4e3ec4956099de26f0c6caf194d1ba341040a\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2024-02-26",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18027\u0026token=43109051cf95d3445bc616e4efb8414336ebcc47\u0026download="
},
{
"category": "external",
"summary": "ABB Security Advisory vom 2025-01-07",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377\u0026LanguageCode=en\u0026DocumentPartId=CSAF\u0026Action=Launch"
}
],
"source_lang": "en-US",
"title": "CODESYS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-07T23:00:00.000+00:00",
"generator": {
"date": "2025-01-08T10:42:29.688+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0943",
"initial_release_date": "2024-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "2",
"summary": "Datum der Codesys Meldungen korrigiert."
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.0",
"product": {
"name": "ABB AC-500 \u003c3.8.0",
"product_id": "T040044"
}
},
{
"category": "product_version",
"name": "3.8.0",
"product": {
"name": "ABB AC-500 3.8.0",
"product_id": "T040044-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:abb:ac-500:3.8.0"
}
}
}
],
"category": "product_name",
"name": "AC-500"
}
],
"category": "vendor",
"name": "ABB"
},
{
"branches": [
{
"category": "product_name",
"name": "CODESYS CODESYS",
"product": {
"name": "CODESYS CODESYS",
"product_id": "T034337",
"product_identification_helper": {
"cpe": "cpe:/a:codesys:codesys:-"
}
}
}
],
"category": "vendor",
"name": "CODESYS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22516",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-22516"
},
{
"cve": "CVE-2022-4046",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-4046"
},
{
"cve": "CVE-2022-47391",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-47391"
},
{
"cve": "CVE-2023-28355",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-28355"
},
{
"cve": "CVE-2023-3662",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3662"
},
{
"cve": "CVE-2023-3663",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3663"
},
{
"cve": "CVE-2023-3669",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3669"
},
{
"cve": "CVE-2023-3670",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3670"
},
{
"cve": "CVE-2023-37545",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37545"
},
{
"cve": "CVE-2023-37546",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37546"
},
{
"cve": "CVE-2023-37547",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37547"
},
{
"cve": "CVE-2023-37548",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37548"
},
{
"cve": "CVE-2023-37549",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37549"
},
{
"cve": "CVE-2023-37550",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37550"
},
{
"cve": "CVE-2023-37551",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37551"
},
{
"cve": "CVE-2023-37552",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37552"
},
{
"cve": "CVE-2023-37553",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37553"
},
{
"cve": "CVE-2023-37554",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37554"
},
{
"cve": "CVE-2023-37555",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37555"
},
{
"cve": "CVE-2023-37556",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37556"
},
{
"cve": "CVE-2023-37557",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37557"
},
{
"cve": "CVE-2023-37558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37558"
},
{
"cve": "CVE-2023-37559",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37559"
},
{
"cve": "CVE-2023-3935",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3935"
},
{
"cve": "CVE-2023-6357",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-6357"
}
]
}
wid-sec-w-2024-0943
Vulnerability from csaf_certbund
Published
2024-04-21 22:00
Modified
2025-01-07 23:00
Summary
CODESYS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder einen Brute-Force-Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder einen Brute-Force-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0943 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0943.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0943 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0943"
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-06-27",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17090\u0026token=6cd08b169916366df31388d2e7ba58e7bce93508\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-04-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17555\u0026token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-03-08",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17764\u0026token=4b2f3cf3a800d076b22f18d49f278bd8883dbd46\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-10-31",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17765\u0026token=04e117e1408fdb8e02b4bc821aa3be819668aef4\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-08-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17766\u0026token=667d36292e99e6f6b7eb8c0b4a86d27137c31f98\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-10-31",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17767\u0026token=7ed2d9324eff98a0a319c455d0256dc7627c705e\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-08-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17768\u0026token=9d206ea9e0449cd9d3ee60d5179d2761dad2d2dd\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-07-26",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17769\u0026token=a1a34cd304aebfbc1e2619e401a9a6cb5d4dc117\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2023-12-05",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17809\u0026token=c3b4e3ec4956099de26f0c6caf194d1ba341040a\u0026download="
},
{
"category": "external",
"summary": "CODESYS Advisory vom 2024-02-26",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18027\u0026token=43109051cf95d3445bc616e4efb8414336ebcc47\u0026download="
},
{
"category": "external",
"summary": "ABB Security Advisory vom 2025-01-07",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377\u0026LanguageCode=en\u0026DocumentPartId=CSAF\u0026Action=Launch"
}
],
"source_lang": "en-US",
"title": "CODESYS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-07T23:00:00.000+00:00",
"generator": {
"date": "2025-01-08T10:42:29.688+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0943",
"initial_release_date": "2024-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "2",
"summary": "Datum der Codesys Meldungen korrigiert."
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.0",
"product": {
"name": "ABB AC-500 \u003c3.8.0",
"product_id": "T040044"
}
},
{
"category": "product_version",
"name": "3.8.0",
"product": {
"name": "ABB AC-500 3.8.0",
"product_id": "T040044-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:abb:ac-500:3.8.0"
}
}
}
],
"category": "product_name",
"name": "AC-500"
}
],
"category": "vendor",
"name": "ABB"
},
{
"branches": [
{
"category": "product_name",
"name": "CODESYS CODESYS",
"product": {
"name": "CODESYS CODESYS",
"product_id": "T034337",
"product_identification_helper": {
"cpe": "cpe:/a:codesys:codesys:-"
}
}
}
],
"category": "vendor",
"name": "CODESYS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22516",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-22516"
},
{
"cve": "CVE-2022-4046",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-4046"
},
{
"cve": "CVE-2022-47391",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2022-47391"
},
{
"cve": "CVE-2023-28355",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-28355"
},
{
"cve": "CVE-2023-3662",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3662"
},
{
"cve": "CVE-2023-3663",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3663"
},
{
"cve": "CVE-2023-3669",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3669"
},
{
"cve": "CVE-2023-3670",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3670"
},
{
"cve": "CVE-2023-37545",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37545"
},
{
"cve": "CVE-2023-37546",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37546"
},
{
"cve": "CVE-2023-37547",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37547"
},
{
"cve": "CVE-2023-37548",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37548"
},
{
"cve": "CVE-2023-37549",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37549"
},
{
"cve": "CVE-2023-37550",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37550"
},
{
"cve": "CVE-2023-37551",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37551"
},
{
"cve": "CVE-2023-37552",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37552"
},
{
"cve": "CVE-2023-37553",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37553"
},
{
"cve": "CVE-2023-37554",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37554"
},
{
"cve": "CVE-2023-37555",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37555"
},
{
"cve": "CVE-2023-37556",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37556"
},
{
"cve": "CVE-2023-37557",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37557"
},
{
"cve": "CVE-2023-37558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37558"
},
{
"cve": "CVE-2023-37559",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-37559"
},
{
"cve": "CVE-2023-3935",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3935"
},
{
"cve": "CVE-2023-6357",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in CODESYS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Control, Development System oder dem SysDrv3S.sys-Treiber, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer OS-Befehlsinjektion, einem Out-of-bounds-Write oder einer unzul\u00e4ssigen Einschr\u00e4nkung von Authentifizierungsversuchen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Brute-Force-Angriffe durchzuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder eine Anmeldung, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T034337",
"T040044"
]
},
"release_date": "2024-04-21T22:00:00.000+00:00",
"title": "CVE-2023-6357"
}
]
}
ghsa-c9rf-qf73-r46f
Vulnerability from github
Published
2023-09-13 15:31
Modified
2023-09-13 15:31
Severity ?
VLAI Severity ?
Details
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
{
"affected": [],
"aliases": [
"CVE-2023-3935"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-13T14:15:09Z",
"severity": null
},
"details": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
"id": "GHSA-c9rf-qf73-r46f",
"modified": "2023-09-13T15:31:14Z",
"published": "2023-09-13T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3935"
},
{
"type": "WEB",
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2023-030"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2023-031"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-0935
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | RUGGEDCOM RSG920P V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XC208G (6GK5208-0GA00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) toutes les versions | ||
| Siemens | N/A | Applications Mendix basées sur Mendix 10 versions antérieures à V10.4.0 | ||
| Siemens | N/A | RUGGEDCOM RS416PNC toutes les versions | ||
| Siemens | N/A | SCALANCE XB205-3LD (SC, E/IP) (6GK5205-3BF00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2200NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS8000NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2300PF toutes les versions | ||
| Siemens | N/A | SCALANCE XC206-2SFP EEC (6GK5206-2BS00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS416Pv2 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RST2228P versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE XC216-4C G EEC (6GK5216-4GS00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC208EEC (6GK5208-0BA00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2300P V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS969 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS940GNC toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) toutes les versions | ||
| Siemens | N/A | Mendix Studio Pro 8 versions antérieures à V8.18.27 | ||
| Siemens | N/A | RUGGEDCOM RS900GNC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM M2200F toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2200F toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900LNC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416PNCv2 V5.X toutes les versions | ||
| Siemens | N/A | SCALANCE XC216-4C G (EIP Def.) (6GK5216-4GS00-2TC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | Siemens OPC UA Modelling Editor (SiOME) versions antérieures à V2.8 | ||
| Siemens | N/A | SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BD00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2488NC V5.X toutes les versions | ||
| Siemens | N/A | SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS1600TNC toutes les versions | ||
| Siemens | N/A | SCALANCE XB213-3LD (SC, PN) (6GK5213-3BF00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XC216-3G PoE (6GK5216-3RS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM M2100 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XC208 (6GK5208-0BA00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2288NC V4.X toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) toutes les versions | ||
| Siemens | N/A | SCALANCE XP216EEC (6GK5216-0HA00-2ES6) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC216-4C G (6GK5216-4GS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900M-GETS-XX versions antérieures à V4.3.8 | ||
| Siemens | N/A | Mendix Studio Pro 10 versions antérieures à V10.3.1 | ||
| Siemens | N/A | SCALANCE XP216 (Ethernet/IP) (6GK5216-0HA00-2TS6) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XP208EEC (6GK5208-0HA00-2ES6) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900MNC-GETS-C01 toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900NC(32M) V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM M2200 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XP216 (6GK5216-0HA00-2AS6) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM i801NC toutes les versions | ||
| Siemens | N/A | SCALANCE XR326-2C PoE WG (6GK5326-2QS00-3AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RST916C versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM i800 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG2300NC V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS910LNC toutes les versions | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0004 | ||
| Siemens | N/A | RUGGEDCOM RS900GP versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS400 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900M-STND-C01 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS940GF toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416F toutes les versions | ||
| Siemens | N/A | SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2100 (32M) V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG2300 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900 (32M) V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE XC206-2 (ST/BFOC) (6GK5206-2BB00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900G versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RMC8388NC V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RMC8388NC V4.X toutes les versions | ||
| Siemens | N/A | SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900GF toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2288 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | SINEC PNI versions antérieures à V2.0 | ||
| Siemens | N/A | SCALANCE XC206-2G PoE EEC (54 V DC) (6GK5206-2RS00-5FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2488NC V4.X toutes les versions | ||
| Siemens | N/A | Desigo CC product family V7 toutes les versions sans le dernier correctif de sécurité | ||
| Siemens | N/A | SCALANCE XC206-2SFP G (EIP DEF.) (6GK5206-2GS00-2TC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS8000TNC toutes les versions | ||
| Siemens | N/A | SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) toutes les versions | ||
| Siemens | N/A | SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS400NC toutes les versions | ||
| Siemens | N/A | SCALANCE XF204 DNA (6GK5204-0BA00-2YF2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM i803NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS910W versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3RR3) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC216-4C (6GK5216-4BS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC224-4C G (6GK5224-4GS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS416NCv2 V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2100F toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2100PF toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS1600T versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XC206-2G PoE (6GK5206-2RS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC208G EEC (6GK5208-0GA00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | Desigo CC product family V5.0 toutes les versions sans le dernier correctif de sécurité | ||
| Siemens | N/A | SCALANCE XC206-2SFP (6GK5206-2BS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE XB205-3LD (SC, PN) (6GK5205-3BF00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2300PNC V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2300P V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RMC30 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS920W versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS416PF toutes les versions | ||
| Siemens | N/A | RUGGEDCOM i803 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM APE1808 toutes versions utilisées avec Nozomi Guardian / CMC versions V22.6.3 à 23.1.0sans le dernier correctif de sécurité | ||
| Siemens | N/A | Applications Mendix basées sur Mendix 7.x versions antérieures à V7.23.37 | ||
| Siemens | N/A | RUGGEDCOM RSG908C versions antérieures à V5.6.0 | ||
| Siemens | N/A | Applications Mendix basées sur Mendix 9.x versions antérieures à V9.24.10 | ||
| Siemens | N/A | RUGGEDCOM RSG920P V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS900W versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XF204-2BA (6GK5204-2AA00-2GF2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS401NC toutes les versions | ||
| Siemens | N/A | SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) toutes les versions | ||
| Siemens | N/A | Desigo CC product family V5.1 toutes les versions sans le dernier correctif de sécurité | ||
| Siemens | N/A | SCALANCE XC224 (6GK5224-0BA00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900MNC-STND-XX toutes les versions | ||
| Siemens | N/A | SIMATIC MV500 family versions antérieures à V3.3.5 | ||
| Siemens | N/A | RUGGEDCOM RST916P versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS401 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (6GK5328-4FS00-2RR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2488 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS910 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XC224-4C G EEC (6GK5224-4GS00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416v2 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG2488F toutes les versions | ||
| Siemens | N/A | SCALANCE XC216EEC (6GK5216-0BA00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XB213-3LD (SC, E/IP) (6GK5213-3BF00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900GNC(32M) V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RST2228 versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS416P versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG2288NC V5.X toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM M2100F toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS8000 versions antérieures à V4.3.8 | ||
| Siemens | N/A | Applications Mendix basées sur Mendix 8.x versions antérieures à V8.18.27 | ||
| Siemens | N/A | SCALANCE XC206-2SFP G (6GK5206-2GS00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XB213-3 (SC, E/IP) (6GK5213-3BD00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RP110NC toutes les versions | ||
| Siemens | N/A | SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2100P versions antérieures à V4.3.8 | ||
| Siemens | N/A | SIPLUS NET SCALANCE XC206-2 (6AG1206-2BB00-7AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM M969F toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900GPF toutes les versions | ||
| Siemens | N/A | SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG907R versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM i802 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM M969 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG920PNC V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS920L versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900MNC-STND-XX-C01 toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900F toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900G (32M) V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) toutes les versions | ||
| Siemens | N/A | Simcenter Femap V2301 versions antérieures à V2301.0003 | ||
| Siemens | N/A | RUGGEDCOM RSG2100NC(32M) V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2288 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RSG920PNC V4.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS8000H versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RMC8388 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RSG910C versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG909R versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416PNCv2 V4.X toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS910NC toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) toutes les versions | ||
| Siemens | N/A | SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes les versions | ||
| Siemens | N/A | SCALANCE XB216 (PN) (6GK5216-0BA00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | Desigo CC product family V6 toutes les versions sans le dernier correctif de sécurité | ||
| Siemens | N/A | RUGGEDCOM RS416Pv2 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM i800NC toutes les versions | ||
| Siemens | N/A | SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XB213-3 (ST, E/IP) (6GK5213-3BB00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS930LNC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RMC8388 V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | SIMATIC PCS neo versions antérieures à V4.1 | ||
| Siemens | N/A | RUGGEDCOM RS900M-STND-XX versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS910L versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XC206-2SFP G EEC (6GK5206-2GS00-2FC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XB208 (PN) (6GK5208-0BA00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM i802NC toutes les versions | ||
| Siemens | N/A | SIPLUS NET SCALANCE XC208 (6AG1208-0BA00-7AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS1600FNC toutes les versions | ||
| Siemens | N/A | SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2100PNC toutes les versions | ||
| Siemens | N/A | SCALANCE XP208 (Ethernet/IP) (6GK5208-0HA00-2TS6) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS400F toutes les versions | ||
| Siemens | N/A | Mendix Studio Pro 7 versions antérieures à V7.23.37 | ||
| Siemens | N/A | RUGGEDCOM RSG2100 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS8000A versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900L versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XB208 (E/IP) (6GK5208-0BA00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS920LNC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS8000T versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SIPLUS NET SCALANCE XC216-4C (6AG1216-4BS00-7AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RMC30NC toutes les versions | ||
| Siemens | N/A | COMOS versions antérieures à V10.4.4, les vulnérabilités CVE-2023-43505, CVE-2023-46601 ne seront pas corrigées par l'éditeur | ||
| Siemens | N/A | RUGGEDCOM RS900GNC(32M) V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2488 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS8000ANC toutes les versions | ||
| Siemens | N/A | SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE XC216 (6GK5216-0BA00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS930L versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XB216 (E/IP) (6GK5216-0BA00-2TB2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) toutes les versions | ||
| Siemens | N/A | SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) toutes les versions | ||
| Siemens | N/A | SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSL910NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2300 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RSG2300PNC V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM i801 versions antérieures à V4.3.8 | ||
| Siemens | N/A | Mendix Studio Pro 9 versions antérieures à V9.24.0 | ||
| Siemens | N/A | RUGGEDCOM M2100NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416NCv2 V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2100NC toutes les versions | ||
| Siemens | N/A | SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900M-GETS-C01 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS969NC toutes les versions | ||
| Siemens | N/A | SCALANCE XP208 (6GK5208-0HA00-2AS6) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC208G PoE (6GK5208-0RA00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS900G (32M) V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0010 | ||
| Siemens | N/A | SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE XP216POE EEC (6GK5216-0UA00-5ES6) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS8000HNC toutes les versions | ||
| Siemens | N/A | SCALANCE XB213-3 (SC, PN) (6GK5213-3BD00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | Simcenter Femap V2306 versions antérieures à V2306.0001 | ||
| Siemens | N/A | RUGGEDCOM RP110 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900 (32M) V4.X versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RSG2100 (32M) V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM M969NC toutes les versions | ||
| Siemens | N/A | SCALANCE XC208G PoE (54 V DC) (6GK5208-0RA00-5AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC224-4C G (EIP Def.) (6GK5224-4GS00-2TC2) versions antérieures à V4.5 | ||
| Siemens | N/A | SCALANCE XC206-2 (SC) (6GK5206-2BD00-2AC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSL910 versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS1600F versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS900NC(32M) V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416 versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) toutes les versions | ||
| Siemens | N/A | SCALANCE XF204 (6GK5204-0BA00-2GF2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2300NC V5.X toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS900MNC-GETS-XX toutes les versions | ||
| Siemens | N/A | SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00-2AB2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS930W versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM M2200NC toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416v2 V5.X versions antérieures à V5.6.0 | ||
| Siemens | N/A | RUGGEDCOM RS900GPNC toutes les versions | ||
| Siemens | N/A | SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) toutes les versions | ||
| Siemens | N/A | SCALANCE XP208PoE EEC (6GK5208-0UA00-5ES6) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS1600 versions antérieures à V4.3.8 | ||
| Siemens | N/A | RUGGEDCOM RS940G versions antérieures à V4.3.8 | ||
| Siemens | N/A | SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) toutes les versions | ||
| Siemens | N/A | SIPROTEC 4 7SJ66 versions antérieures à V4.41 | ||
| Siemens | N/A | RUGGEDCOM RSG2300F toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) toutes les versions | ||
| Siemens | N/A | SCALANCE XC208G (EIP def.) (6GK5208-0GA00-2TC2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RS1600NC toutes les versions | ||
| Siemens | N/A | SCALANCE XF204-2BA DNA (6GK5204-2AA00-2YF2) versions antérieures à V4.5 | ||
| Siemens | N/A | RUGGEDCOM RSG2100NC(32M) V5.X toutes les versions | ||
| Siemens | N/A | SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) toutes les versions | ||
| Siemens | N/A | SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RS416NC toutes les versions | ||
| Siemens | N/A | SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) toutes les versions | ||
| Siemens | N/A | RUGGEDCOM RSG2200 versions antérieures à V4.3.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RUGGEDCOM RSG920P V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208G (6GK5208-0GA00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications Mendix bas\u00e9es sur Mendix 10 versions ant\u00e9rieures \u00e0 V10.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416PNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3LD (SC, E/IP) (6GK5205-3BF00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE XC206-2SFP (6AG1206-2BS00-7AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2200NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300PF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2SFP EEC (6GK5206-2BS00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416Pv2 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RST2228P versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-4C G EEC (6GK5216-4GS00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (28xGE, AC 230V) (6GK5328-4SS00-3AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208EEC (6GK5208-0BA00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300P V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS969 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS940GNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Studio Pro 8 versions ant\u00e9rieures \u00e0 V8.18.27",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2200F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2200F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900LNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416PNCv2 V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-4C G (EIP Def.) (6GK5216-4GS00-2TC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siemens OPC UA Modelling Editor (SiOME) versions ant\u00e9rieures \u00e0 V2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BD00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2488NC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3 (ST, E/IP) (6GK5205-3BB00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600TNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3LD (SC, PN) (6GK5213-3BF00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-3G PoE (6GK5216-3RS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2100 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208 (6GK5208-0BA00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2288NC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP216EEC (6GK5216-0HA00-2ES6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-4C G (6GK5216-4GS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900M-GETS-XX versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Studio Pro 10 versions ant\u00e9rieures \u00e0 V10.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP216 (Ethernet/IP) (6GK5216-0HA00-2TS6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP208EEC (6GK5208-0HA00-2ES6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900MNC-GETS-C01 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900NC(32M) V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2200 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP216 (6GK5216-0HA00-2AS6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i801NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-2C PoE WG (6GK5326-2QS00-3AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RST916C versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i800 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300NC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS910LNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0004",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GP versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS400 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900M-STND-C01 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS940GF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100 (32M) V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900 (32M) V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2 (ST/BFOC) (6GK5206-2BB00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900G versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC8388NC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC8388NC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2288 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC PNI versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2G PoE EEC (54 V DC) (6GK5206-2RS00-5FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2488NC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC product family V7 toutes les versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2SFP G (EIP DEF.) (6GK5206-2GS00-2TC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000TNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS400NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 DNA (6GK5204-0BA00-2YF2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i803NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS910W versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3RR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-4C (6GK5216-4BS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC224-4C G (6GK5224-4GS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416NCv2 V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100PF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600T versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2G PoE (6GK5206-2RS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208G EEC (6GK5208-0GA00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC product family V5.0 toutes les versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2SFP (6GK5206-2BS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB205-3LD (SC, PN) (6GK5205-3BF00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (6GK5328-4FS00-2AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300PNC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300P V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC30 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS920W versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416PF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i803 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 toutes versions utilis\u00e9es avec Nozomi Guardian / CMC versions V22.6.3 \u00e0 23.1.0sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications Mendix bas\u00e9es sur Mendix 7.x versions ant\u00e9rieures \u00e0 V7.23.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG908C versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications Mendix bas\u00e9es sur Mendix 9.x versions ant\u00e9rieures \u00e0 V9.24.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG920P V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900W versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA (6GK5204-2AA00-2GF2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS401NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC product family V5.1 toutes les versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC224 (6GK5224-0BA00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900MNC-STND-XX toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV500 family versions ant\u00e9rieures \u00e0 V3.3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RST916P versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS401 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (6GK5328-4FS00-2RR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2488 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS910 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC224-4C G EEC (6GK5224-4GS00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416v2 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2488F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216EEC (6GK5216-0BA00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (6GK5328-4FS00-3AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3LD (SC, E/IP) (6GK5213-3BF00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GNC(32M) V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RST2228 versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416P versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2288NC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2100F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications Mendix bas\u00e9es sur Mendix 8.x versions ant\u00e9rieures \u00e0 V8.18.27",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2SFP G (6GK5206-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3 (SC, E/IP) (6GK5213-3BD00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RP110NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324WG (24 x FE, AC 230V) (6GK5324-0BA00-3AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100P versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE XC206-2 (6AG1206-2BB00-7AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M969F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GPF toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324WG (24 X FE, DC 24V) (6GK5324-0BA00-2AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG907R versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i802 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M969 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG920PNC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS920L versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900MNC-STND-XX-C01 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900G (32M) V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap V2301 versions ant\u00e9rieures \u00e0 V2301.0003",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100NC(32M) V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2288 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG920PNC V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000H versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC8388 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG910C versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG909R versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416PNCv2 V4.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS910NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB216 (PN) (6GK5216-0BA00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC product family V6 toutes les versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416Pv2 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i800NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3 (ST, E/IP) (6GK5213-3BB00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS930LNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC8388 V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900M-STND-XX versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS910L versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2SFP G EEC (6GK5206-2GS00-2FC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB208 (PN) (6GK5208-0BA00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i802NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE XC208 (6AG1208-0BA00-7AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600FNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100PNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP208 (Ethernet/IP) (6GK5208-0HA00-2TS6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS400F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Studio Pro 7 versions ant\u00e9rieures \u00e0 V7.23.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000A versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900L versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB208 (E/IP) (6GK5208-0BA00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS920LNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000T versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE XC216-4C (6AG1216-4BS00-7AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RMC30NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS versions ant\u00e9rieures \u00e0 V10.4.4, les vuln\u00e9rabilit\u00e9s CVE-2023-43505, CVE-2023-46601 ne seront pas corrig\u00e9es par l\u0027\u00e9diteur",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GNC(32M) V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2488 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000ANC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC216 (6GK5216-0BA00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS930L versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB216 (E/IP) (6GK5216-0BA00-2TB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSL910NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300PNC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM i801 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Studio Pro 9 versions ant\u00e9rieures \u00e0 V9.24.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2100NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416NCv2 V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900M-GETS-C01 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS969NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP208 (6GK5208-0HA00-2AS6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR328-4C WG (28xGE, DC 24V) (6GK5328-4SS00-2AR3) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208G PoE (6GK5208-0RA00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900G (32M) V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0010",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP216POE EEC (6GK5216-0UA00-5ES6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS8000HNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3 (SC, PN) (6GK5213-3BD00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap V2306 versions ant\u00e9rieures \u00e0 V2306.0001",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RP110 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900 (32M) V4.X versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100 (32M) V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M969NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208G PoE (54 V DC) (6GK5208-0RA00-5AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC224-4C G (EIP Def.) (6GK5224-4GS00-2TC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC206-2 (SC) (6GK5206-2BD00-2AC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSL910 versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600F versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900NC(32M) V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 (6GK5204-0BA00-2GF2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300NC V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900MNC-GETS-XX toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB213-3 (ST, PN) (6GK5213-3BB00-2AB2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS930W versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM M2200NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416v2 V5.X versions ant\u00e9rieures \u00e0 V5.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS900GPNC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XP208PoE EEC (6GK5208-0UA00-5ES6) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS940G versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 7SJ66 versions ant\u00e9rieures \u00e0 V4.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2300F toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC208G (EIP def.) (6GK5208-0GA00-2TC2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS1600NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA DNA (6GK5204-2AA00-2YF2) versions ant\u00e9rieures \u00e0 V4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2100NC(32M) V5.X toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RS416NC toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RSG2200 versions ant\u00e9rieures \u00e0 V4.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24895",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24895"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2020-35460",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35460"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-33135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33135"
},
{
"name": "CVE-2023-1530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1530"
},
{
"name": "CVE-2023-22669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
},
{
"name": "CVE-2023-44321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
},
{
"name": "CVE-2023-3935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3935"
},
{
"name": "CVE-2023-46096",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46096"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38072"
},
{
"name": "CVE-2023-24897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24897"
},
{
"name": "CVE-2022-44792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38075"
},
{
"name": "CVE-2019-12256",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12256"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2022-28809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28809"
},
{
"name": "CVE-2023-24936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24936"
},
{
"name": "CVE-2023-38073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38073"
},
{
"name": "CVE-2023-46097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46097"
},
{
"name": "CVE-2019-12258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12258"
},
{
"name": "CVE-2020-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25020"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2022-44793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
},
{
"name": "CVE-2023-33128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33128"
},
{
"name": "CVE-2019-12259",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12259"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-44320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
},
{
"name": "CVE-2022-39158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39158"
},
{
"name": "CVE-2022-28808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28808"
},
{
"name": "CVE-2019-12261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12261"
},
{
"name": "CVE-2023-46099",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46099"
},
{
"name": "CVE-2023-46590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46590"
},
{
"name": "CVE-2023-2932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2932"
},
{
"name": "CVE-2023-41033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41033"
},
{
"name": "CVE-2023-46098",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46098"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2021-20094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
},
{
"name": "CVE-2022-28807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28807"
},
{
"name": "CVE-2023-38071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38071"
},
{
"name": "CVE-2023-45794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45794"
},
{
"name": "CVE-2019-12263",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12263"
},
{
"name": "CVE-2021-20093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2023-46601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46601"
},
{
"name": "CVE-2023-32032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32032"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-47522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47522"
},
{
"name": "CVE-2023-38070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38070"
},
{
"name": "CVE-2022-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23095"
},
{
"name": "CVE-2023-44322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
},
{
"name": "CVE-2023-29245",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29245"
},
{
"name": "CVE-2023-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43503"
},
{
"name": "CVE-2019-12260",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12260"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2023-28260",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28260"
},
{
"name": "CVE-2023-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43505"
},
{
"name": "CVE-2023-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38074"
},
{
"name": "CVE-2019-12262",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12262"
},
{
"name": "CVE-2023-29331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29331"
},
{
"name": "CVE-2019-12255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12255"
},
{
"name": "CVE-2023-44374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
},
{
"name": "CVE-2023-43504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43504"
},
{
"name": "CVE-2023-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0933"
},
{
"name": "CVE-2023-2567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2567"
},
{
"name": "CVE-2023-32649",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32649"
},
{
"name": "CVE-2022-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41032"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2023-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21808"
},
{
"name": "CVE-2023-2931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2931"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2022-30184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30184"
},
{
"name": "CVE-2019-12265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12265"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2023-38076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38076"
},
{
"name": "CVE-2023-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41032"
},
{
"name": "CVE-2023-33126",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33126"
},
{
"name": "CVE-2023-44318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
},
{
"name": "CVE-2023-22670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
}
],
"initial_release_date": "2023-11-14T00:00:00",
"last_revision_date": "2023-11-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0935",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un\nd\u00e9ni de service \u00e0 distance et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-617233 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-292063.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-268517 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-084182.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-197270 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-787941.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-099606 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625850.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-137900 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-137900.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-456933 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-456933.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-787941 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-457702.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-084182 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887122.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-887122 du 08 novembre 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-150063.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-150063 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-268517.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-699386 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-197270.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-292063 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-617233.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-625850 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-457702 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-099606.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-478780 du 14 novembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-478780.html"
}
]
}
CERTFR-2023-AVI-0733
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMIT Simulation Platform toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.11 | ||
| Siemens | N/A | PSS(R)ODMS V13.0 toutes versions | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller V2 versions antérieures à 21.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Parasolid versions 36.0.x antérieures à 36.0.142 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.6 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Parasolid versions 35.0.x antérieures à 35.0.253 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Parasolid versions 34.1.x antérieures à 34.1.258 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | PSS(R)CAPE versions 14.x antérieures à 14.2023-08-23 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | PSS(R)ODMS versions 13.1.x antérieures à 13.1.12.1 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Teamcenter Visualization versions 14.3.x antérieures à 14.3.0.1 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) versions antérieures à 2.2 | ||
| Siemens | N/A | Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.12 | ||
| Siemens | N/A | RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | PSS(R)E versions 34.x antérieures à 34.9.6 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) versions antérieures à 2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC WinCC OA versions 3.19.x antérieures à 3.19 P006 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | PSS(R)CAPE versions 15.x antérieures à 15.0.22 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) versions antérieures à 21.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | Parasolid versions 35.1.x antérieures à 35.1.184 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | PSS(R)E V35 toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | JT2Go versions antérieures à 14.3.0.1 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | QMS Automotive versions antérieures à 12.39 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions antérieures à 3.0.3 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DK01-0AB0) versions antérieures à 2.9.7 | ||
| Siemens | N/A | RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0) versions antérieures à 1.0.212N | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions antérieures à 3.0.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMIT Simulation Platform toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.1.x ant\u00e9rieures \u00e0 14.1.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)ODMS V13.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller V2 versions ant\u00e9rieures \u00e0 21.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions 36.0.x ant\u00e9rieures \u00e0 36.0.142",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions 35.0.x ant\u00e9rieures \u00e0 35.0.253",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions 34.1.x ant\u00e9rieures \u00e0 34.1.258",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)CAPE versions 14.x ant\u00e9rieures \u00e0 14.2023-08-23",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)ODMS versions 13.1.x ant\u00e9rieures \u00e0 13.1.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.3.x ant\u00e9rieures \u00e0 14.3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E versions 34.x ant\u00e9rieures \u00e0 34.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions 3.19.x ant\u00e9rieures \u00e0 3.19 P006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)CAPE versions 15.x ant\u00e9rieures \u00e0 15.0.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 21.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions 35.1.x ant\u00e9rieures \u00e0 35.1.184",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E V35 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 14.3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.39",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DK01-0AB0) versions ant\u00e9rieures \u00e0 2.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0) versions ant\u00e9rieures \u00e0 1.0.212N",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions ant\u00e9rieures \u00e0 3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40728"
},
{
"name": "CVE-2022-35894",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35894"
},
{
"name": "CVE-2022-32953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32953"
},
{
"name": "CVE-2023-40724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40724"
},
{
"name": "CVE-2023-27373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27373"
},
{
"name": "CVE-2023-3935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3935"
},
{
"name": "CVE-2023-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38072"
},
{
"name": "CVE-2023-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38075"
},
{
"name": "CVE-2022-30283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30283"
},
{
"name": "CVE-2023-38073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38073"
},
{
"name": "CVE-2023-40730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40730"
},
{
"name": "CVE-2023-24932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24932"
},
{
"name": "CVE-2023-40732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40732"
},
{
"name": "CVE-2022-32475",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32475"
},
{
"name": "CVE-2022-29275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29275"
},
{
"name": "CVE-2022-35893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35893"
},
{
"name": "CVE-2022-32954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32954"
},
{
"name": "CVE-2023-40725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40725"
},
{
"name": "CVE-2021-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38578"
},
{
"name": "CVE-2022-32469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32469"
},
{
"name": "CVE-2022-43958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43958"
},
{
"name": "CVE-2023-41033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41033"
},
{
"name": "CVE-2022-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27405"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-38071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38071"
},
{
"name": "CVE-2022-35895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35895"
},
{
"name": "CVE-2023-40726",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40726"
},
{
"name": "CVE-2022-24350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24350"
},
{
"name": "CVE-2023-38070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38070"
},
{
"name": "CVE-2022-32470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32470"
},
{
"name": "CVE-2023-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38074"
},
{
"name": "CVE-2022-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35896"
},
{
"name": "CVE-2022-36338",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36338"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2023-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28831"
},
{
"name": "CVE-2022-32477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32477"
},
{
"name": "CVE-2023-40727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40727"
},
{
"name": "CVE-2022-32471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32471"
},
{
"name": "CVE-2023-40731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40731"
},
{
"name": "CVE-2023-31041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31041"
},
{
"name": "CVE-2023-40729",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40729"
},
{
"name": "CVE-2022-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30772"
},
{
"name": "CVE-2023-38076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38076"
},
{
"name": "CVE-2023-41032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41032"
},
{
"name": "CVE-2022-24351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24351"
}
],
"initial_release_date": "2023-09-12T00:00:00",
"last_revision_date": "2023-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0733",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-278349 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-981975.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-147266 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-147266.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-240541 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-957369.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-957369 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-190839 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-190839.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-981975 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-711309.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-711309 du 12 septembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-278349.html"
}
]
}
var-202309-0672
Vulnerability from variot
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants.
Siemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oseon",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "3.0.22"
},
{
"model": "tubedesign",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.150"
},
{
"model": "programmingtube",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "4.6.3"
},
{
"model": "trutopsfab",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "15.00.23.00"
},
{
"model": "teczonebend",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "23.06.01"
},
{
"model": "trutopsweld",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "9.0.28148.1"
},
{
"model": "trutops cell sw48",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "02.26.0"
},
{
"model": "trutopsprint",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutops",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "e-mobility charging suite",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "module type package designer",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "trutopsfab",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.8.25"
},
{
"model": "trutopsfab storage smallstore",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.20"
},
{
"model": "activation wizard",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.6"
},
{
"model": "trutops",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "12.01.00.00"
},
{
"model": "tubedesign",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "iol-conf",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "trutopsboost",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.00.23.00"
},
{
"model": "topscalculation",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.00.00"
},
{
"model": "trutopsprint",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "00.06.00"
},
{
"model": "trutops cell classic",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "09.09.02"
},
{
"model": "programmingtube",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.1"
},
{
"model": "trutopsboost",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "16.0.22"
},
{
"model": "fl network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "7.0"
},
{
"model": "teczonebend",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "18.02.r8"
},
{
"model": "trutops mark 3d",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.01"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.60c"
},
{
"model": "trutopsprintmultilaserassistant",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.02"
},
{
"model": "trumpflicenseexpert",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.5.2"
},
{
"model": "trutops mark 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "module type package designer",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "plcnext engineer",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "2023.6"
},
{
"model": "trumpflicenseexpert",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.11.1"
},
{
"model": "trutopsweld",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "7.0.198.241"
},
{
"model": "trutops cell sw48",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "tops unfold",
"scope": "eq",
"trust": 1.0,
"vendor": "trumpf",
"version": "05.03.00.00"
},
{
"model": "oseon",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.0"
},
{
"model": "topscalculation",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.00"
},
{
"model": "trutopsfab storage smallstore",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "20.04.20.00"
},
{
"model": "trutopsweld",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "programmingtube",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "codemeter runtime",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "trutopsboost",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprintmultilaserassistant",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprint",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "oseon",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell sw48",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tops unfold",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops mark 3d",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab storage smallstore",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tubedesign",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trumpflicenseexpert",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "topscalculation",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "teczonebend",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell classic",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.17"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.18"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v14\u003cv14.2023-08-23"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v15\u003cv15.0.22"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v34\u003cv34.9.6"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.0"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.1\u003cv13.1.12.1"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4"
},
{
"model": "simatic wincc oa p006",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.19\u003cv3.19"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v35"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"cve": "CVE-2023-3935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2023-69811",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-3935",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-012536",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-012536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. \n\r\n\r\nSiemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-3935",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2023-031",
"trust": 1.9
},
{
"db": "CERT@VDE",
"id": "VDE-2023-030",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92008538",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98137233",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-004-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-03",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-257-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-240541",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-3935",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"id": "VAR-202309-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
],
"trust": 1.1685151266666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"last_update_date": "2024-08-14T12:13:07.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens Industrial product WIBU system CodeMeter heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/460931"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf"
},
{
"trust": 1.9,
"url": "https://cert.vde.com/en/advisories/vde-2023-031/"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2023-030/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98137233/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92008538/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3935"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2023-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2023-09-13T14:15:09.147000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2024-01-09T02:47:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2024-01-25T20:24:58.783000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems\u00a0AG\u00a0 of \u00a0CodeMeter\u00a0Runtime\u00a0 Out-of-bounds write vulnerability in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…