8.2
CVE-2023-28827
- EPSS 0.49%
- Veröffentlicht 10.09.2024 10:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. This could allow a remote attacker to cause a denial of service condition in the system.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSiemens
≫
Produkt
SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CP 1243-1 (incl. SIPLUS variants)
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CP 1243-7 LTE
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CP 1243-8 IRC
Default Statusunknown
Version
0
Version <
V3.5.20
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC HMI Comfort Panels (incl. SIPLUS variants)
Default Statusunknown
Version
All versions
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC DiagBase
Default Statusunknown
Version
0
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC IPC DiagMonitor
Default Statusunknown
Version
All versions
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC WinCC Runtime Advanced
Default Statusunknown
Version
All versions
Status
affected
HerstellerSiemens
≫
Produkt
SIPLUS TIM 1531 IRC
Default Statusunknown
Version
0
Version <
V2.4.8
Status
affected
HerstellerSiemens
≫
Produkt
TIM 1531 IRC
Default Statusunknown
Version
0
Version <
V2.4.8
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.646 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.