8.7
CVE-2023-38380
- EPSS 0.96%
- Veröffentlicht 12.12.2023 12:15:11
- Zuletzt bearbeitet 21.11.2024 08:13:26
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ 6gk7243-8rx30-0xe0 Firmware Version-
Siemens ≫ 6gk7543-1ax00-0xe0 Firmware Version-
Siemens ≫ 6ag1543-1ax00-2xe0 Firmware Version-
Siemens ≫ Simatic Cp 1242-7 V2 Firmware Version-
Siemens ≫ Simatic Cp 1243-1 Firmware Version-
Siemens ≫ Simatic Cp 1243-1 Dnp3 Firmware Version-
Siemens ≫ Simatic Cp 1243-1 Iec Firmware Version-
Siemens ≫ Sinamics S210 Firmware Version5.1 Update-
Siemens ≫ Sinamics S210 Firmware Version5.1 Updatesp1
Siemens ≫ Sinamics S210 Firmware Version5.1 Updatesp1_hotfix8
Siemens ≫ Sinamics S210 Firmware Version5.2 Update-
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatehotfix2
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatehotfix5
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatehotfix6
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatehotfix7
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatesp3
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatesp3_hotfix3
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatesp3_hotfix5
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatesp3_hotfix6
Siemens ≫ Sinamics S210 Firmware Version5.2 Updatesp3_hotfix9
Siemens ≫ Sinamics S210 Firmware Version6.1 Update-
Siemens ≫ Sinamics S210 Firmware Version6.1 Updatehotfix1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.96% | 0.568 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://cert-portal.siemens.com/productcert/html/ssa-139628.html
https://cert-portal.siemens.com/productcert/html/ssa-625862.html
https://cert-portal.siemens.com/productcert/html/ssa-693975.html
https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf