CVSS base score: 4.6

CVE-2023-27465

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

Data is provided by the National Vulnerability Database (NVD)
Siemens Simotion D425-2 Dp Firmware Version >= 5.4 < 5.5
   Siemens Simotion D425-2 Dp Version -
Siemens Simotion D425-2 Dp Firmware Version 5.5 Update -
   Siemens Simotion D425-2 Dp Version -
Siemens Simotion D425-2 Dp/pn Firmware Version >= 5.4 < 5.5
   Siemens Simotion D425-2 Dp/pn Version -
Siemens Simotion D425-2 Dp/pn Firmware Version 5.5 Update -
   Siemens Simotion D425-2 Dp/pn Version -
Siemens Simotion D435-2 Dp Firmware Version >= 5.4 < 5.5
   Siemens Simotion D435-2 Dp Version -
Siemens Simotion D435-2 Dp Firmware Version 5.5 Update -
   Siemens Simotion D435-2 Dp Version -
Siemens Simotion D435-2 Dp/pn Firmware Version >= 5.4 < 5.5
   Siemens Simotion D435-2 Dp/pn Version -
Siemens Simotion D435-2 Dp/pn Firmware Version 5.5 Update -
   Siemens Simotion D435-2 Dp/pn Version -
Siemens Simotion D455-2 Dp/pn Firmware Version >= 5.4 < 5.5
   Siemens Simotion D455-2 Dp/pn Version -
Siemens Simotion D455-2 Dp/pn Firmware Version 5.5 Update -
   Siemens Simotion D455-2 Dp/pn Version -
Siemens Simotion P320-4 E Firmware Version 5.4
   Siemens Simotion P320-4 E Version -
Siemens Simotion P320-4 S Firmware Version 5.4
   Siemens Simotion P320-4 S Version -
Siemens Simotion D410-2 Dp Firmware Version >= 5.4 < 5.5
   Siemens Simotion D410-2 Dp Version -
Siemens Simotion D410-2 Dp Firmware Version 5.5 Update -
   Siemens Simotion D410-2 Dp Version -
Siemens Simotion D410-2 Dp/pn Firmware Version >= 5.4 < 5.5
   Siemens Simotion D410-2 Dp/pn Version -
Siemens Simotion D410-2 Dp/pn Firmware Version 5.5 Update -
   Siemens Simotion D410-2 Dp/pn Version -
Siemens Simotion C240 Pn Firmware Version >= 5.4 < 5.5
   Siemens Simotion C240 Pn Version -
Siemens Simotion C240 Pn Firmware Version 5.5 Update -
   Siemens Simotion C240 Pn Version -
Siemens Simotion C240 Firmware Version >= 5.4 < 5.5
   Siemens Simotion C240 Version -
Siemens Simotion C240 Firmware Version 5.5 Update -
   Siemens Simotion C240 Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.1% | 0.293 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| productcert@siemens.com | 4.6 | 0.9 | 3.6 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-213 Exposure of Sensitive Information Due to Incompatible Policies

The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.