Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-33698 (GCVE-0-2024-33698)
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2025-10-14 09:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Opcenter Quality |
Version: 0 < V2406 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_pcs_neo",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.1_update_2",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_information_server",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "totally_integrated_automation_portal",
"vendor": "siemens",
"versions": [
{
"lessThan": "17_update_8",
"status": "affected",
"version": "17",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:32:07.999463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:26:36.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2406",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter RDnL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2410",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:00.448Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-33698",
"datePublished": "2024-09-10T09:36:31.009Z",
"dateReserved": "2024-04-26T12:32:09.263Z",
"dateUpdated": "2025-10-14T09:15:00.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-33698\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-09-10T10:15:09.707\",\"lastModified\":\"2025-10-14T10:15:34.373\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\",\"source\":\"productcert@siemens.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:32:07.999463Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_pcs_neo\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.1_update_2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_information_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"totally_integrated_automation_portal\", \"versions\": [{\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17_update_8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T18:24:31.346Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Opcenter Quality\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2406\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Opcenter RDnL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2410\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1 Update 2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V5.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEMA Remote Connect Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.2 SP3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V18 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-33698\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\", \"dateReserved\": \"2024-04-26T12:32:09.263Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-09-10T09:36:31.009Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ghsa-5j8g-cmhw-g45p
Vulnerability from github
Published
2024-09-10 12:30
Modified
2024-09-10 12:30
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
Details
A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2024-33698"
],
"database_specific": {
"cwe_ids": [
"CWE-122"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T10:15:09Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
"id": "GHSA-5j8g-cmhw-g45p",
"modified": "2024-09-10T12:30:37Z",
"published": "2024-09-10T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33698"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
icsa-24-256-03
Vulnerability from csaf_cisa
Published
2024-09-10 00:00
Modified
2025-10-14 00:00
Summary
Siemens User Management Component (UMC)
Notes
Summary
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Tenable",
"summary": "reporting this vulnerability to Siemens."
},
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
},
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens User Management Component (UMC)",
"tracking": {
"current_release_date": "2025-10-14T00:00:00.000000Z",
"generator": {
"date": "2025-10-16T21:33:12.918825Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-256-03",
"initial_release_date": "2024-09-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
},
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"date": "2025-01-14T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
},
{
"date": "2025-03-11T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added SINEMA Remote Connect Client as affected product including fix"
},
{
"date": "2025-05-13T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
},
{
"date": "2025-10-14T00:00:00.000000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2406",
"product": {
"name": "Opcenter Quality",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Opcenter Quality"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2410",
"product": {
"name": "Opcenter RDnL",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Opcenter RDnL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1_Update_2",
"product": {
"name": "SIMATIC PCS neo V4.1",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.0_Update_1",
"product": {
"name": "SIMATIC PCS neo V5.0",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEC NMS",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2_SP3",
"product": {
"name": "SINEMA Remote Connect Client",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V16",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_8",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V17",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV18_Update_5",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V18",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_3",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V19",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 8 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 5 or later version",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 3 or later version",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V2406 or later version",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2410 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/product/297341591/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2 SP3 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 Update 2 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
},
{
"category": "vendor_fix",
"details": "Update to V5.0 Update 1 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
},
{
"category": "vendor_fix",
"details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
"product_ids": [
"CSAFPID-0006"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
}
],
"title": "CVE-2024-33698"
}
]
}
ICSA-24-256-03
Vulnerability from csaf_cisa
Published
2024-09-10 00:00
Modified
2025-10-14 00:00
Summary
Siemens User Management Component (UMC)
Notes
Summary
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Tenable",
"summary": "reporting this vulnerability to Siemens."
},
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-039007 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
},
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
}
],
"title": "Siemens User Management Component (UMC)",
"tracking": {
"current_release_date": "2025-10-14T00:00:00.000000Z",
"generator": {
"date": "2025-10-16T21:33:12.918825Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-256-03",
"initial_release_date": "2024-09-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
},
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"date": "2025-01-14T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
},
{
"date": "2025-03-11T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added SINEMA Remote Connect Client as affected product including fix"
},
{
"date": "2025-05-13T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
},
{
"date": "2025-10-14T00:00:00.000000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2406",
"product": {
"name": "Opcenter Quality",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Opcenter Quality"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2410",
"product": {
"name": "Opcenter RDnL",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Opcenter RDnL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1_Update_2",
"product": {
"name": "SIMATIC PCS neo V4.1",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.0_Update_1",
"product": {
"name": "SIMATIC PCS neo V5.0",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEC NMS",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2_SP3",
"product": {
"name": "SINEMA Remote Connect Client",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V16",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_Update_8",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V17",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV18_Update_5",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V18",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV19_Update_3",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V19",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 8 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 5 or later version",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 3 or later version",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V2406 or later version",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2410 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/product/297341591/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2 SP3 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 Update 2 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
},
{
"category": "vendor_fix",
"details": "Update to V5.0 Update 1 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
},
{
"category": "vendor_fix",
"details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
"product_ids": [
"CSAFPID-0006"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011"
]
}
],
"title": "CVE-2024-33698"
}
]
}
WID-SEC-W-2024-2093
Vulnerability from csaf_certbund
Published
2024-09-09 22:00
Modified
2024-09-09 22:00
Summary
Siemens TIA Portal: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
TIA-Portal ist ein Automatisierungsframework für Steuerungen und andere Automatisierungsgeräte der SIMATIC-Serie.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "TIA-Portal ist ein Automatisierungsframework f\u00fcr Steuerungen und andere Automatisierungsger\u00e4te der SIMATIC-Serie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2093 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2093.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2093 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2093"
},
{
"category": "external",
"summary": "SiemensSecurity Advisory by Siemens ProductCERT vom 2024-09-09",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
],
"source_lang": "en-US",
"title": "Siemens TIA Portal: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T11:04:56.560+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2093",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "V16",
"product": {
"name": "Siemens TIA Portal V16",
"product_id": "T027140",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:v16"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV17 Update 8",
"product": {
"name": "Siemens TIA Portal \u003cV17 Update 8",
"product_id": "T037396"
}
},
{
"category": "product_version",
"name": "V17 Update 8",
"product": {
"name": "Siemens TIA Portal V17 Update 8",
"product_id": "T037396-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:v17_update_8"
}
}
},
{
"category": "product_version_range",
"name": "UMC \u003cV2.13.1",
"product": {
"name": "Siemens TIA Portal UMC \u003cV2.13.1",
"product_id": "T037406"
}
},
{
"category": "product_version",
"name": "UMC V2.13.1",
"product": {
"name": "Siemens TIA Portal UMC V2.13.1",
"product_id": "T037406-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:umc__v2.13.1"
}
}
}
],
"category": "product_name",
"name": "TIA Portal"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens TIA Portal. Die Ursache ist ein Heap-basierter Puffer \u00dcberlauf in der User Management Komponente (UMC). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren ."
}
],
"product_status": {
"known_affected": [
"T027140",
"T037406",
"T037396"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33698"
}
]
}
wid-sec-w-2024-2093
Vulnerability from csaf_certbund
Published
2024-09-09 22:00
Modified
2024-09-09 22:00
Summary
Siemens TIA Portal: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
TIA-Portal ist ein Automatisierungsframework für Steuerungen und andere Automatisierungsgeräte der SIMATIC-Serie.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "TIA-Portal ist ein Automatisierungsframework f\u00fcr Steuerungen und andere Automatisierungsger\u00e4te der SIMATIC-Serie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2093 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2093.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2093 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2093"
},
{
"category": "external",
"summary": "SiemensSecurity Advisory by Siemens ProductCERT vom 2024-09-09",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
],
"source_lang": "en-US",
"title": "Siemens TIA Portal: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T11:04:56.560+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2093",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "V16",
"product": {
"name": "Siemens TIA Portal V16",
"product_id": "T027140",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:v16"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV17 Update 8",
"product": {
"name": "Siemens TIA Portal \u003cV17 Update 8",
"product_id": "T037396"
}
},
{
"category": "product_version",
"name": "V17 Update 8",
"product": {
"name": "Siemens TIA Portal V17 Update 8",
"product_id": "T037396-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:v17_update_8"
}
}
},
{
"category": "product_version_range",
"name": "UMC \u003cV2.13.1",
"product": {
"name": "Siemens TIA Portal UMC \u003cV2.13.1",
"product_id": "T037406"
}
},
{
"category": "product_version",
"name": "UMC V2.13.1",
"product": {
"name": "Siemens TIA Portal UMC V2.13.1",
"product_id": "T037406-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:tia_portal:umc__v2.13.1"
}
}
}
],
"category": "product_name",
"name": "TIA Portal"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Siemens TIA Portal. Die Ursache ist ein Heap-basierter Puffer \u00dcberlauf in der User Management Komponente (UMC). Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren ."
}
],
"product_status": {
"known_affected": [
"T027140",
"T037406",
"T037396"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33698"
}
]
}
fkie_cve-2024-33698
Vulnerability from fkie_nvd
Published
2024-09-10 10:15
Modified
2025-10-14 10:15
Severity ?
Summary
A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."
}
],
"id": "CVE-2024-33698",
"lastModified": "2025-10-14T10:15:34.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2024-09-10T10:15:09.707",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
ssa-039007
Vulnerability from csaf_siemens
Published
2024-09-10 00:00
Modified
2025-10-14 00:00
Summary
SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Notes
Summary
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
},
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
}
],
"title": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)",
"tracking": {
"current_release_date": "2025-10-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-039007",
"initial_release_date": "2024-09-10T00:00:00Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"date": "2025-01-14T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
},
{
"date": "2025-03-11T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added SINEMA Remote Connect Client as affected product including fix"
},
{
"date": "2025-05-13T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
},
{
"date": "2025-10-14T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
}
],
"status": "interim",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2406",
"product": {
"name": "Opcenter Quality",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Opcenter Quality"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2410",
"product": {
"name": "Opcenter RDnL",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Opcenter RDnL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V4.1 Update 2",
"product": {
"name": "SIMATIC PCS neo V4.1",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V5.0 Update 1",
"product": {
"name": "SIMATIC PCS neo V5.0",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEC NMS",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.2 SP3",
"product": {
"name": "SINEMA Remote Connect Client",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V16",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 8",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V17",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V18 Update 5",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V18",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 3",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V19",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
{
"category": "mitigation",
"details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"3",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 8 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 5 or later version",
"product_ids": [
"10"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 3 or later version",
"product_ids": [
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V2406 or later version",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2410 or later version",
"product_ids": [
"2"
],
"url": "https://support.sw.siemens.com/product/297341591/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2 SP3 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 Update 2 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
},
{
"category": "vendor_fix",
"details": "Update to V5.0 Update 1 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
},
{
"category": "vendor_fix",
"details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
"product_ids": [
"6"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-33698"
}
]
}
SSA-039007
Vulnerability from csaf_siemens
Published
2024-09-10 00:00
Modified
2025-10-14 00:00
Summary
SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Notes
Summary
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
},
{
"category": "self",
"summary": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-039007.json"
}
],
"title": "SSA-039007: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)",
"tracking": {
"current_release_date": "2025-10-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-039007",
"initial_release_date": "2024-09-10T00:00:00Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19 and clarified formulation for mitigation"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products Opcenter Execution Foundation, Opcenter Quality and Opcenter RDL. Added fix for Totally Integrated Automation Portal (TIA Portal) V18. Clarified no fix planned for product Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"date": "2025-01-14T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMATIC PCS neo V5.0. Removed SIMATIC Information Server 2022 and SIMATIC Information Server 2024 as not affected"
},
{
"date": "2025-03-11T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added SINEMA Remote Connect Client as affected product including fix"
},
{
"date": "2025-05-13T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Updated remediation for SINEC NMS to point directly to the update of UMC"
},
{
"date": "2025-10-14T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added remediation for Opcenter RDnL and Opcenter Quality"
}
],
"status": "interim",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2406",
"product": {
"name": "Opcenter Quality",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Opcenter Quality"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2410",
"product": {
"name": "Opcenter RDnL",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Opcenter RDnL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PCS neo V4.0",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V4.1 Update 2",
"product": {
"name": "SIMATIC PCS neo V4.1",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V4.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V5.0 Update 1",
"product": {
"name": "SIMATIC PCS neo V5.0",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEC NMS",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.2 SP3",
"product": {
"name": "SINEMA Remote Connect Client",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V16",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V17 Update 8",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V17",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V18 Update 5",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V18",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 3",
"product": {
"name": "Totally Integrated Automation Portal (TIA Portal) V19",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "Totally Integrated Automation Portal (TIA Portal) V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Filter the ports 4002 and 4004 to only accept connections to/from the IP addresses of machines that run UMC and are part of the UMC network e.g. with an external firewall",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
{
"category": "mitigation",
"details": "In addition if no RT server machines are used, port 4004 can be blocked completely",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"3",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V17 Update 8 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784441/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 5 or later version",
"product_ids": [
"10"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817218/"
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 3 or later version",
"product_ids": [
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V2406 or later version",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2410 or later version",
"product_ids": [
"2"
],
"url": "https://support.sw.siemens.com/product/297341591/"
},
{
"category": "vendor_fix",
"details": "Update to V3.2 SP3 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976964/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 Update 2 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109972354/"
},
{
"category": "vendor_fix",
"details": "Update to V5.0 Update 1 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977244/"
},
{
"category": "vendor_fix",
"details": "Update UMC to V2.15.1.1 or later compatible version https://support.industry.siemens.com/cs/ww/en/view/109987708/",
"product_ids": [
"6"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-33698"
}
]
}
gsd-2024-33698
Vulnerability from gsd
Modified
2024-04-27 05:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-33698"
],
"id": "GSD-2024-33698",
"modified": "2024-04-27T05:02:18.315544Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-33698",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
cnvd-2024-38025
Vulnerability from cnvd
Title
Siemens User Management Component (UMC) 堆缓冲区溢出漏洞
Description
SIMATIC PCS neo是一个分布式控制系统(DCS)。SINEC NMS是面向数字企业的新一代网络管理系统(NMS)。该系统可用于集中监控、管理和配置网络。Totally Integrated Automation Portal (TIA Portal)是一款PC软件,提供对西门子全方位数字化自动化服务的访问,从数字规划和集成工程到透明操作。 User Management Component (UMC)是一个集成组件,可以在系统范围内对用户进行集中维护。
Siemens User Management Component (UMC) 存在堆缓冲区溢出漏洞,攻击者可利用该漏洞执行任意代码。
Severity
高
VLAI Severity ?
Patch Name
Siemens User Management Component (UMC) 堆缓冲区溢出漏洞的补丁
Patch Description
SIMATIC PCS neo是一个分布式控制系统(DCS)。SINEC NMS是面向数字企业的新一代网络管理系统(NMS)。该系统可用于集中监控、管理和配置网络。Totally Integrated Automation Portal (TIA Portal)是一款PC软件,提供对西门子全方位数字化自动化服务的访问,从数字规划和集成工程到透明操作。 User Management Component (UMC)是一个集成组件,可以在系统范围内对用户进行集中维护。
Siemens User Management Component (UMC) 存在堆缓冲区溢出漏洞,攻击者可利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-039007.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-039007.html
Impacted products
| Name | ['Siemens SINEC NMS', 'Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens SIMATIC PCS neo V4.0', 'Siemens SIMATIC Information Server 2022', 'Siemens SIMATIC PCS neo V4.1', 'Siemens SIMATIC PCS neo V5.0', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-33698"
}
},
"description": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-039007.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-38025",
"openTime": "2024-09-12",
"patchDescription": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SINEC NMS",
"Siemens Totally Integrated Automation Portal (TIA Portal) V16",
"Siemens Totally Integrated Automation Portal (TIA Portal) V17",
"Siemens Totally Integrated Automation Portal (TIA Portal) V18",
"Siemens SIMATIC PCS neo V4.0",
"Siemens SIMATIC Information Server 2022",
"Siemens SIMATIC PCS neo V4.1",
"Siemens SIMATIC PCS neo V5.0",
"Siemens Totally Integrated Automation Portal (TIA Portal) V19"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
"serverity": "\u9ad8",
"submitTime": "2024-09-12",
"title": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
ncsc-2024-0362
Vulnerability from csaf_ncscnl
Published
2024-09-10 18:20
Modified
2024-09-10 18:20
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-115
Misinterpretation of Input
CWE-912
Hidden Functionality
CWE-364
Signal Handler Race Condition
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-613
Insufficient Session Expiration
CWE-190
Integer Overflow or Wraparound
CWE-532
Insertion of Sensitive Information into Log File
CWE-204
Observable Response Discrepancy
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-250
Execution with Unnecessary Privileges
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-295
Improper Certificate Validation
CWE-384
Session Fixation
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Hidden Functionality",
"title": "CWE-912"
},
{
"category": "general",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-039007.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097435.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097786.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-103653.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-342438.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359713.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417159.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-423808.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-427715.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446545.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629254.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-673996.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-765405.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-773256.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-869574.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-09-10T18:20:41.668720Z",
"id": "NCSC-2024-0362",
"initial_release_date": "2024-09-10T18:20:41.668720Z",
"revision_history": [
{
"date": "2024-09-10T18:20:41.668720Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ai_model_deployer",
"product": {
"name": "ai_model_deployer",
"product_id": "CSAFPID-1637884",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ai_model_deployer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1637629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1553852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637609",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637610",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product": {
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product_id": "CSAFPID-1637885",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product": {
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product_id": "CSAFPID-1637840",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:eti5_ethernet_int._1x100tx_iec61850:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_os__iem-os_",
"product": {
"name": "industrial_edge_management_os__iem-os_",
"product_id": "CSAFPID-1637818",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637809",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product": {
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product_id": "CSAFPID-1637886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:livetwin_industrial_edge_app__6av2170-0bl00-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637566",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637624",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637567",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637565",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637625",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637568",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637626",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc",
"product": {
"name": "sicam_scc",
"product_id": "CSAFPID-1637841",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc__10.0",
"product": {
"name": "sicam_scc__10.0",
"product_id": "CSAFPID-1637471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc__10.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1625340",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1470063",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1637811",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1476332",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1637649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1476333",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1637650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1476082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1637651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1476083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1637812",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1476334",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc",
"product": {
"name": "simatic_cp_1243-8_irc",
"product_id": "CSAFPID-1476086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product": {
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product_id": "CSAFPID-1637652",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637813",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637837",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637574",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637570",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637571",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1637619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1497078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-744729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-1457904",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1501190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1457909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1637615",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1496915",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637616",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637572",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637617",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637573",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637839",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637576",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit",
"product": {
"name": "simatic_reader_rf610r_cmiit",
"product_id": "CSAFPID-1637577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product": {
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product_id": "CSAFPID-1637857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi",
"product": {
"name": "simatic_reader_rf610r_etsi",
"product_id": "CSAFPID-1637578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product": {
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product_id": "CSAFPID-1637858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc",
"product": {
"name": "simatic_reader_rf610r_fcc",
"product_id": "CSAFPID-1637579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product": {
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product_id": "CSAFPID-1637859",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit",
"product": {
"name": "simatic_reader_rf615r_cmiit",
"product_id": "CSAFPID-1637580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product": {
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product_id": "CSAFPID-1637860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi",
"product": {
"name": "simatic_reader_rf615r_etsi",
"product_id": "CSAFPID-1637581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product": {
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product_id": "CSAFPID-1637861",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc",
"product": {
"name": "simatic_reader_rf615r_fcc",
"product_id": "CSAFPID-1637582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product": {
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product_id": "CSAFPID-1637862",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib",
"product": {
"name": "simatic_reader_rf650r_arib",
"product_id": "CSAFPID-1637583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product": {
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product_id": "CSAFPID-1637863",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit",
"product": {
"name": "simatic_reader_rf650r_cmiit",
"product_id": "CSAFPID-1637584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product": {
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product_id": "CSAFPID-1637864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi",
"product": {
"name": "simatic_reader_rf650r_etsi",
"product_id": "CSAFPID-1637585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product": {
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product_id": "CSAFPID-1637865",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc",
"product": {
"name": "simatic_reader_rf650r_fcc",
"product_id": "CSAFPID-1637586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product": {
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product_id": "CSAFPID-1637866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib",
"product": {
"name": "simatic_reader_rf680r_arib",
"product_id": "CSAFPID-1637587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product": {
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product_id": "CSAFPID-1637867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit",
"product": {
"name": "simatic_reader_rf680r_cmiit",
"product_id": "CSAFPID-1637588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product": {
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product_id": "CSAFPID-1637868",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi",
"product": {
"name": "simatic_reader_rf680r_etsi",
"product_id": "CSAFPID-1637589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product": {
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product_id": "CSAFPID-1637869",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc",
"product": {
"name": "simatic_reader_rf680r_fcc",
"product_id": "CSAFPID-1637590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product": {
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product_id": "CSAFPID-1637870",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib",
"product": {
"name": "simatic_reader_rf685r_arib",
"product_id": "CSAFPID-1637591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product": {
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product_id": "CSAFPID-1637871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit",
"product": {
"name": "simatic_reader_rf685r_cmiit",
"product_id": "CSAFPID-1637592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product": {
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product_id": "CSAFPID-1637872",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi",
"product": {
"name": "simatic_reader_rf685r_etsi",
"product_id": "CSAFPID-1637593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product": {
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product_id": "CSAFPID-1637873",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc",
"product": {
"name": "simatic_reader_rf685r_fcc",
"product_id": "CSAFPID-1637594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product": {
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product_id": "CSAFPID-1637874",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r",
"product": {
"name": "simatic_rf1140r",
"product_id": "CSAFPID-1637595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product": {
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product_id": "CSAFPID-1637875",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r",
"product": {
"name": "simatic_rf1170r",
"product_id": "CSAFPID-1637596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product": {
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product_id": "CSAFPID-1637876",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c",
"product": {
"name": "simatic_rf166c",
"product_id": "CSAFPID-1637597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c__6gt2002-0ee20_",
"product": {
"name": "simatic_rf166c__6gt2002-0ee20_",
"product_id": "CSAFPID-1637877",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c",
"product": {
"name": "simatic_rf185c",
"product_id": "CSAFPID-1637598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c__6gt2002-0je10_",
"product": {
"name": "simatic_rf185c__6gt2002-0je10_",
"product_id": "CSAFPID-1637878",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c",
"product": {
"name": "simatic_rf186c",
"product_id": "CSAFPID-1637599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c__6gt2002-0je20_",
"product": {
"name": "simatic_rf186c__6gt2002-0je20_",
"product_id": "CSAFPID-1637879",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci",
"product": {
"name": "simatic_rf186ci",
"product_id": "CSAFPID-1637600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci__6gt2002-0je50_",
"product": {
"name": "simatic_rf186ci__6gt2002-0je50_",
"product_id": "CSAFPID-1637880",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c",
"product": {
"name": "simatic_rf188c",
"product_id": "CSAFPID-1637601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c__6gt2002-0je40_",
"product": {
"name": "simatic_rf188c__6gt2002-0je40_",
"product_id": "CSAFPID-1637881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci",
"product": {
"name": "simatic_rf188ci",
"product_id": "CSAFPID-1637602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci__6gt2002-0je60_",
"product": {
"name": "simatic_rf188ci__6gt2002-0je60_",
"product_id": "CSAFPID-1637882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r",
"product": {
"name": "simatic_rf360r",
"product_id": "CSAFPID-1637603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r__6gt2801-5ba30_",
"product": {
"name": "simatic_rf360r__6gt2801-5ba30_",
"product_id": "CSAFPID-1637883",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product_id": "CSAFPID-1615260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product_id": "CSAFPID-1615261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product_id": "CSAFPID-1615262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product_id": "CSAFPID-1615263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-165973",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-186768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-855579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-766087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-1637558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v17",
"product": {
"name": "simatic_wincc_runtime_professional_v17",
"product_id": "CSAFPID-1637887",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1501188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1457962",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1501192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1457963",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v20",
"product": {
"name": "simatic_wincc_runtime_professional_v20",
"product_id": "CSAFPID-1637888",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v20:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1501193",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1457965",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1501191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1457966",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1501189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1457967",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-309392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-1458012",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-894438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-1494867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-218852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-1496914",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637607",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637608",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-455030",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-1457969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product": {
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product_id": "CSAFPID-1615264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc",
"product": {
"name": "siplus_tim_1531_irc",
"product_id": "CSAFPID-1476100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product": {
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product_id": "CSAFPID-1637814",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sitipe_at",
"product": {
"name": "sitipe_at",
"product_id": "CSAFPID-1637842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1637816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1465025",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1637817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1476361",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_administrator",
"product": {
"name": "tia_administrator",
"product_id": "CSAFPID-766096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal",
"product": {
"name": "tia_portal",
"product_id": "CSAFPID-1637472",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal:v16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal__v17_update_8",
"product": {
"name": "tia_portal__v17_update_8",
"product_id": "CSAFPID-1637474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal__v17_update_8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_umc__v2.13.1",
"product": {
"name": "tia_portal_umc__v2.13.1",
"product_id": "CSAFPID-1637473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_umc__v2.13.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc",
"product": {
"name": "tim_1531_irc",
"product_id": "CSAFPID-1476101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product": {
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product_id": "CSAFPID-1637815",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1615256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1458015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1615257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1458016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1615258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1458017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1637618",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1470073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637469",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:8_software_solution:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637470",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:a8000_device:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637468",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:egs_device:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-5051",
"references": [
{
"category": "self",
"summary": "CVE-2006-5051",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2006/CVE-2006-5051.json"
}
],
"title": "CVE-2006-5051"
},
{
"cve": "CVE-2023-28827",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-28827"
},
{
"cve": "CVE-2023-30755",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30755",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30755"
},
{
"cve": "CVE-2023-30756",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30756",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30756"
},
{
"cve": "CVE-2023-46850",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46850",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46850.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-894438"
]
}
],
"title": "CVE-2023-46850"
},
{
"cve": "CVE-2023-49069",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
}
],
"title": "CVE-2023-49069"
},
{
"cve": "CVE-2024-2004",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2004",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2379",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
}
],
"title": "CVE-2024-2379"
},
{
"cve": "CVE-2024-2398",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-2466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2466"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637818",
"CSAFPID-218852",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-32006",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "other",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32006",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-32006"
},
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33698",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33698.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
}
],
"title": "CVE-2024-33698"
},
{
"cve": "CVE-2024-34057",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34057",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
}
],
"title": "CVE-2024-34057"
},
{
"cve": "CVE-2024-35783",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35783",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
}
],
"title": "CVE-2024-35783"
},
{
"cve": "CVE-2024-37990",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37990",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37990"
},
{
"cve": "CVE-2024-37992",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37992",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37992.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37992"
},
{
"cve": "CVE-2024-37993",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37993",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37993.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37993"
},
{
"cve": "CVE-2024-37994",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37994",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37994.json"
}
],
"title": "CVE-2024-37994"
},
{
"cve": "CVE-2024-37995",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37995",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37995"
},
{
"cve": "CVE-2024-38355",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38355",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38355.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
}
],
"title": "CVE-2024-38355"
},
{
"cve": "CVE-2024-41170",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
}
],
"title": "CVE-2024-41170"
},
{
"cve": "CVE-2024-41171",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41171",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-41171"
},
{
"cve": "CVE-2024-42344",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42344",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42344.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-42344"
},
{
"cve": "CVE-2024-42345",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "other",
"text": "Session Fixation",
"title": "CWE-384"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1496914",
"CSAFPID-218852"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42345.json"
}
],
"title": "CVE-2024-42345"
},
{
"cve": "CVE-2024-43781",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43781",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43781.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-43781"
},
{
"cve": "CVE-2024-44087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44087",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
}
],
"title": "CVE-2024-44087"
},
{
"cve": "CVE-2024-45032",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
}
],
"title": "CVE-2024-45032"
}
]
}
NCSC-2024-0362
Vulnerability from csaf_ncscnl
Published
2024-09-10 18:20
Modified
2024-09-10 18:20
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-115
Misinterpretation of Input
CWE-912
Hidden Functionality
CWE-364
Signal Handler Race Condition
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-297
Improper Validation of Certificate with Host Mismatch
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-613
Insufficient Session Expiration
CWE-190
Integer Overflow or Wraparound
CWE-532
Insertion of Sensitive Information into Log File
CWE-204
Observable Response Discrepancy
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-250
Execution with Unnecessary Privileges
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-295
Improper Certificate Validation
CWE-384
Session Fixation
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Hidden Functionality",
"title": "CWE-912"
},
{
"category": "general",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-039007.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097435.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097786.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-103653.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-342438.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359713.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417159.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-423808.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-427715.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446545.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629254.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-673996.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-765405.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-773256.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-869574.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-09-10T18:20:41.668720Z",
"id": "NCSC-2024-0362",
"initial_release_date": "2024-09-10T18:20:41.668720Z",
"revision_history": [
{
"date": "2024-09-10T18:20:41.668720Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ai_model_deployer",
"product": {
"name": "ai_model_deployer",
"product_id": "CSAFPID-1637884",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ai_model_deployer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1637629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1553852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637609",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637610",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product": {
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product_id": "CSAFPID-1637885",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product": {
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product_id": "CSAFPID-1637840",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:eti5_ethernet_int._1x100tx_iec61850:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_os__iem-os_",
"product": {
"name": "industrial_edge_management_os__iem-os_",
"product_id": "CSAFPID-1637818",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637809",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product": {
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product_id": "CSAFPID-1637886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:livetwin_industrial_edge_app__6av2170-0bl00-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637566",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637624",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637567",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637565",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637625",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637568",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637626",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc",
"product": {
"name": "sicam_scc",
"product_id": "CSAFPID-1637841",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc__10.0",
"product": {
"name": "sicam_scc__10.0",
"product_id": "CSAFPID-1637471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc__10.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1625340",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1470063",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1637811",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1476332",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1637649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1476333",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1637650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1476082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1637651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1476083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1637812",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1476334",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc",
"product": {
"name": "simatic_cp_1243-8_irc",
"product_id": "CSAFPID-1476086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product": {
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product_id": "CSAFPID-1637652",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637813",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637837",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637574",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637570",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637571",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1637619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1497078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-744729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-1457904",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1501190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1457909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1637615",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1496915",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637616",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637572",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637617",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637573",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637839",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637576",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit",
"product": {
"name": "simatic_reader_rf610r_cmiit",
"product_id": "CSAFPID-1637577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product": {
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product_id": "CSAFPID-1637857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi",
"product": {
"name": "simatic_reader_rf610r_etsi",
"product_id": "CSAFPID-1637578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product": {
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product_id": "CSAFPID-1637858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc",
"product": {
"name": "simatic_reader_rf610r_fcc",
"product_id": "CSAFPID-1637579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product": {
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product_id": "CSAFPID-1637859",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit",
"product": {
"name": "simatic_reader_rf615r_cmiit",
"product_id": "CSAFPID-1637580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product": {
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product_id": "CSAFPID-1637860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi",
"product": {
"name": "simatic_reader_rf615r_etsi",
"product_id": "CSAFPID-1637581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product": {
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product_id": "CSAFPID-1637861",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc",
"product": {
"name": "simatic_reader_rf615r_fcc",
"product_id": "CSAFPID-1637582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product": {
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product_id": "CSAFPID-1637862",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib",
"product": {
"name": "simatic_reader_rf650r_arib",
"product_id": "CSAFPID-1637583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product": {
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product_id": "CSAFPID-1637863",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit",
"product": {
"name": "simatic_reader_rf650r_cmiit",
"product_id": "CSAFPID-1637584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product": {
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product_id": "CSAFPID-1637864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi",
"product": {
"name": "simatic_reader_rf650r_etsi",
"product_id": "CSAFPID-1637585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product": {
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product_id": "CSAFPID-1637865",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc",
"product": {
"name": "simatic_reader_rf650r_fcc",
"product_id": "CSAFPID-1637586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product": {
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product_id": "CSAFPID-1637866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib",
"product": {
"name": "simatic_reader_rf680r_arib",
"product_id": "CSAFPID-1637587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product": {
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product_id": "CSAFPID-1637867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit",
"product": {
"name": "simatic_reader_rf680r_cmiit",
"product_id": "CSAFPID-1637588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product": {
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product_id": "CSAFPID-1637868",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi",
"product": {
"name": "simatic_reader_rf680r_etsi",
"product_id": "CSAFPID-1637589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product": {
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product_id": "CSAFPID-1637869",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc",
"product": {
"name": "simatic_reader_rf680r_fcc",
"product_id": "CSAFPID-1637590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product": {
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product_id": "CSAFPID-1637870",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib",
"product": {
"name": "simatic_reader_rf685r_arib",
"product_id": "CSAFPID-1637591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product": {
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product_id": "CSAFPID-1637871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit",
"product": {
"name": "simatic_reader_rf685r_cmiit",
"product_id": "CSAFPID-1637592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product": {
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product_id": "CSAFPID-1637872",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi",
"product": {
"name": "simatic_reader_rf685r_etsi",
"product_id": "CSAFPID-1637593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product": {
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product_id": "CSAFPID-1637873",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc",
"product": {
"name": "simatic_reader_rf685r_fcc",
"product_id": "CSAFPID-1637594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product": {
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product_id": "CSAFPID-1637874",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r",
"product": {
"name": "simatic_rf1140r",
"product_id": "CSAFPID-1637595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product": {
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product_id": "CSAFPID-1637875",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r",
"product": {
"name": "simatic_rf1170r",
"product_id": "CSAFPID-1637596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product": {
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product_id": "CSAFPID-1637876",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c",
"product": {
"name": "simatic_rf166c",
"product_id": "CSAFPID-1637597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c__6gt2002-0ee20_",
"product": {
"name": "simatic_rf166c__6gt2002-0ee20_",
"product_id": "CSAFPID-1637877",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c",
"product": {
"name": "simatic_rf185c",
"product_id": "CSAFPID-1637598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c__6gt2002-0je10_",
"product": {
"name": "simatic_rf185c__6gt2002-0je10_",
"product_id": "CSAFPID-1637878",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c",
"product": {
"name": "simatic_rf186c",
"product_id": "CSAFPID-1637599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c__6gt2002-0je20_",
"product": {
"name": "simatic_rf186c__6gt2002-0je20_",
"product_id": "CSAFPID-1637879",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci",
"product": {
"name": "simatic_rf186ci",
"product_id": "CSAFPID-1637600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci__6gt2002-0je50_",
"product": {
"name": "simatic_rf186ci__6gt2002-0je50_",
"product_id": "CSAFPID-1637880",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c",
"product": {
"name": "simatic_rf188c",
"product_id": "CSAFPID-1637601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c__6gt2002-0je40_",
"product": {
"name": "simatic_rf188c__6gt2002-0je40_",
"product_id": "CSAFPID-1637881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci",
"product": {
"name": "simatic_rf188ci",
"product_id": "CSAFPID-1637602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci__6gt2002-0je60_",
"product": {
"name": "simatic_rf188ci__6gt2002-0je60_",
"product_id": "CSAFPID-1637882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r",
"product": {
"name": "simatic_rf360r",
"product_id": "CSAFPID-1637603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r__6gt2801-5ba30_",
"product": {
"name": "simatic_rf360r__6gt2801-5ba30_",
"product_id": "CSAFPID-1637883",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product_id": "CSAFPID-1615260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product_id": "CSAFPID-1615261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product_id": "CSAFPID-1615262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product_id": "CSAFPID-1615263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-165973",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-186768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-855579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-766087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-1637558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v17",
"product": {
"name": "simatic_wincc_runtime_professional_v17",
"product_id": "CSAFPID-1637887",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1501188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1457962",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1501192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1457963",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v20",
"product": {
"name": "simatic_wincc_runtime_professional_v20",
"product_id": "CSAFPID-1637888",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v20:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1501193",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1457965",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1501191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1457966",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1501189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1457967",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-309392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-1458012",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-894438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-1494867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-218852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-1496914",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637607",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637608",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-455030",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-1457969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product": {
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product_id": "CSAFPID-1615264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc",
"product": {
"name": "siplus_tim_1531_irc",
"product_id": "CSAFPID-1476100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product": {
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product_id": "CSAFPID-1637814",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sitipe_at",
"product": {
"name": "sitipe_at",
"product_id": "CSAFPID-1637842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1637816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1465025",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1637817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1476361",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_administrator",
"product": {
"name": "tia_administrator",
"product_id": "CSAFPID-766096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal",
"product": {
"name": "tia_portal",
"product_id": "CSAFPID-1637472",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal:v16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal__v17_update_8",
"product": {
"name": "tia_portal__v17_update_8",
"product_id": "CSAFPID-1637474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal__v17_update_8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_umc__v2.13.1",
"product": {
"name": "tia_portal_umc__v2.13.1",
"product_id": "CSAFPID-1637473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_umc__v2.13.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc",
"product": {
"name": "tim_1531_irc",
"product_id": "CSAFPID-1476101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product": {
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product_id": "CSAFPID-1637815",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1615256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1458015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1615257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1458016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1615258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1458017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1637618",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1470073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637469",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:8_software_solution:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637470",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:a8000_device:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637468",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:egs_device:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-5051",
"references": [
{
"category": "self",
"summary": "CVE-2006-5051",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2006/CVE-2006-5051.json"
}
],
"title": "CVE-2006-5051"
},
{
"cve": "CVE-2023-28827",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-28827"
},
{
"cve": "CVE-2023-30755",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30755",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30755"
},
{
"cve": "CVE-2023-30756",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30756",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30756"
},
{
"cve": "CVE-2023-46850",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46850",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46850.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-894438"
]
}
],
"title": "CVE-2023-46850"
},
{
"cve": "CVE-2023-49069",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
}
],
"title": "CVE-2023-49069"
},
{
"cve": "CVE-2024-2004",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2004",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2379",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
}
],
"title": "CVE-2024-2379"
},
{
"cve": "CVE-2024-2398",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-2466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2466"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637818",
"CSAFPID-218852",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-32006",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "other",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32006",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-32006"
},
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33698",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33698.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
}
],
"title": "CVE-2024-33698"
},
{
"cve": "CVE-2024-34057",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34057",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
}
],
"title": "CVE-2024-34057"
},
{
"cve": "CVE-2024-35783",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35783",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
}
],
"title": "CVE-2024-35783"
},
{
"cve": "CVE-2024-37990",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37990",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37990"
},
{
"cve": "CVE-2024-37992",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37992",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37992.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37992"
},
{
"cve": "CVE-2024-37993",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37993",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37993.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37993"
},
{
"cve": "CVE-2024-37994",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37994",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37994.json"
}
],
"title": "CVE-2024-37994"
},
{
"cve": "CVE-2024-37995",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37995",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37995"
},
{
"cve": "CVE-2024-38355",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38355",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38355.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
}
],
"title": "CVE-2024-38355"
},
{
"cve": "CVE-2024-41170",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
}
],
"title": "CVE-2024-41170"
},
{
"cve": "CVE-2024-41171",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41171",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-41171"
},
{
"cve": "CVE-2024-42344",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42344",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42344.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-42344"
},
{
"cve": "CVE-2024-42345",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "other",
"text": "Session Fixation",
"title": "CWE-384"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1496914",
"CSAFPID-218852"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42345.json"
}
],
"title": "CVE-2024-42345"
},
{
"cve": "CVE-2024-43781",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43781",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43781.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-43781"
},
{
"cve": "CVE-2024-44087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44087",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
}
],
"title": "CVE-2024-44087"
},
{
"cve": "CVE-2024-45032",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
}
],
"title": "CVE-2024-45032"
}
]
}
var-202409-0293
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. SIMATIC PCS neo is a distributed control system (DCS). SINEC NMS is a new generation of network management system (NMS) for digital enterprises. The system can be used to centrally monitor, manage and configure networks. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to Siemens' full range of digital automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables centralized maintenance of users across the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinec nms",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v16"
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v17"
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v18"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.0"
},
{
"model": "simatic information server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2022"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.1"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.0"
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
]
},
"cve": "CVE-2024-33698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38025",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-33698",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2024-33698",
"trust": 1.0,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38025",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. SIMATIC PCS neo is a distributed control system (DCS). SINEC NMS is a new generation of network management system (NMS) for digital enterprises. The system can be used to centrally monitor, manage and configure networks. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to Siemens\u0027 full range of digital automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables centralized maintenance of users across the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-33698"
},
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-039007",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2024-33698",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-38025",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"id": "VAR-202409-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
],
"trust": 1.2891259499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
]
},
"last_update_date": "2024-11-12T23:18:04.812000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens User Management Component (UMC) Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590261"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"date": "2024-09-10T10:15:09.707000",
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38025"
},
{
"date": "2024-11-12T13:15:07.653000",
"db": "NVD",
"id": "CVE-2024-33698"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens User Management Component (UMC) Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38025"
}
],
"trust": 0.6
}
}
CERTFR-2024-AVI-0757
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355. | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756. | ||
| Siemens | N/A | SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC WinCC V8.0 versions antérieures à V8.0 Update 5 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC IPC DiagMonitor toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756. | ||
| Siemens | N/A | SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756. | ||
| Siemens | N/A | SCALANCE W700 802.11 AX versions antérieures à V2.4.0 | ||
| Siemens | N/A | SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC WinCC V8.0 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Information Server 2024 toutes versions pour la vulnérabilité CVE-2024-33698 | ||
| Siemens | N/A | SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V18 toutes versions | ||
| Siemens | N/A | SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC PCS neo V4.1 versions antérieures à V4.1 Update 2 | ||
| Siemens | N/A | SIMATIC S7-200 SMART toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-43647. | ||
| Siemens | N/A | SIMATIC PCS neo V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-33698. | ||
| Siemens | N/A | SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions antérieures à V3.5.20 | ||
| Siemens | N/A | SIMATIC RF1140R (6GT2831-6CB00) versions antérieures à V1.1 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.1 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V20 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC RF1170R (6GT2831-6BB00) versions antérieures à V1.1 | ||
| Siemens | N/A | SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.2 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V19 toutes versions | ||
| Siemens | N/A | SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-33698 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355. | ||
| Siemens | N/A | SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions antérieures à V3.5.20 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V17 versions antérieures à V17 Update 8 | ||
| Siemens | N/A | SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Information Server 2020 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC Process Historian 2020 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 18 | ||
| Siemens | N/A | SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SICAM SCC versions antérieures à V10.0 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vulnérabilité CVE-2024-33698 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions antérieures à V3.5.20 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-38355 | ||
| Siemens | N/A | SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-35783. | ||
| Siemens | N/A | SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC IPC DiagBase toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756. | ||
| Siemens | N/A | SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions antérieures à V3.5.20 | ||
| Siemens | N/A | SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2024-35783 | ||
| Siemens | N/A | SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.2 | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE versions antérieures à V3.5.20 | ||
| Siemens | N/A | SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-33698 | ||
| Siemens | N/A | SIMATIC CP 1243-1 (incl. SIPLUS variants) versions antérieures à V3.5.20 | ||
| Siemens | N/A | SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions antérieures à V4.2 | ||
| Siemens | N/A | SIMATIC BATCH V9.1 toutes versions pour la vulnérabilité CVE-2024-35783 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC DiagMonitor toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-200 SMART toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM SCC versions ant\u00e9rieures \u00e0 V10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC DiagBase toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43647"
},
{
"name": "CVE-2024-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37995"
},
{
"name": "CVE-2024-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37990"
},
{
"name": "CVE-2024-37993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37993"
},
{
"name": "CVE-2024-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37991"
},
{
"name": "CVE-2023-30756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30756"
},
{
"name": "CVE-2024-33698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33698"
},
{
"name": "CVE-2024-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37992"
},
{
"name": "CVE-2024-34057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34057"
},
{
"name": "CVE-2023-30755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30755"
},
{
"name": "CVE-2023-28827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28827"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2024-35783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35783"
},
{
"name": "CVE-2024-38355",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38355"
},
{
"name": "CVE-2024-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37994"
}
],
"initial_release_date": "2024-09-10T00:00:00",
"last_revision_date": "2024-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0757",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-773256.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…