8.2
CVE-2023-28827
- EPSS 0.18%
- Published 10.09.2024 10:15:05
- Last modified 10.09.2024 12:09:50
- Source productcert@siemens.com
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices does not properly handle certain requests, causing a timeout in the watchdog, which could lead to the cleanup of pointers. This could allow a remote attacker to cause a denial of service condition in the system.
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC CP 1243-1 (incl. SIPLUS variants) | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC CP 1243-7 LTE | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC CP 1243-8 IRC | unknown | V3.5.20 | 0 | affected |
Siemens | SIMATIC HMI Comfort Panels (incl. SIPLUS variants) | unknown |  | All versions | affected |
Siemens | SIMATIC IPC DiagBase | unknown | * | 0 | affected |
Siemens | SIMATIC IPC DiagMonitor | unknown |  | All versions | affected |
Siemens | SIMATIC WinCC Runtime Advanced | unknown |  | All versions | affected |
Siemens | SIPLUS TIM 1531 IRC | unknown | V2.4.8 | 0 | affected |
Siemens | TIM 1531 IRC | unknown | V2.4.8 | 0 | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.399 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
productcert@siemens.com | 8.2 | 0 | 0 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
productcert@siemens.com | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.