CVE-2023-46280

EPSS 0.04%
Veröffentlicht 14.05.2024 16:15:40
Zuletzt bearbeitet 10.12.2024 14:30:35
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt Security Configuration Tool (SCT)

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC Automation Tool

Default Statusunknown

Version < V5.0 SP2

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC BATCH V9.1

Default Statusunknown

Version < V9.1 SP2 Upd5

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC NET PC Software V16

Default Statusunknown

Version < V16 Update 8

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC NET PC Software V17

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC NET PC Software V18

Default Statusunknown

Version < V18 SP1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC NET PC Software V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC PCS 7 V9.1

Default Statusunknown

Version < V9.1 SP2 UC05

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC PDM V9.2

Default Statusunknown

Version < V9.2 SP2 Upd3

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC Route Control V9.1

Default Statusunknown

Version < V9.1 SP2 Upd3

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC S7-PCT

Default Statusunknown

Version < V3.5 SP3 Update 6

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC STEP 7 V5

Default Statusunknown

Version < V5.7 SP3

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC OA V3.17

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC OA V3.18

Default Statusunknown

Version < V3.18 P025

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC OA V3.19

Default Statusunknown

Version < V3.19 P010

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC Runtime Advanced

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC Runtime Professional V16

Default Statusunknown

Version < V16 Update 6

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC Runtime Professional V17

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC Runtime Professional V18

Default Statusunknown

Version < V18 Update 4

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC Runtime Professional V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC V7.4

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC V7.5

Default Statusunknown

Version < V7.5 SP2 Update 17

Version 0

Status affected

HerstellerSiemens

≫

Produkt SIMATIC WinCC V8.0

Default Statusunknown

Version < V8.0 Update 5

Version 0

Status affected

HerstellerSiemens

≫

Produkt SINAMICS Startdrive

Default Statusunknown

Version < V19 SP1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SINEC NMS

Default Statusunknown

Version < V3.0

Version 0

Status affected

HerstellerSiemens

≫

Produkt SINEC NMS

Default Statusunknown

Version < V3.0 SP1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SINUMERIK ONE virtual

Default Statusunknown

Version < V6.23

Version 0

Status affected

HerstellerSiemens

≫

Produkt SINUMERIK PLC Programming Tool

Default Statusunknown

Version < V3.3.12

Version 0

Status affected

HerstellerSiemens

≫

Produkt TIA Portal Cloud Connector

Default Statusunknown

Version < V2.0

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V15.1

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V16

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V17

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V18

Default Statusunknown

Version < V18 Update 4

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	8.2	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

https://cert-portal.siemens.com/productcert/html/ssa-784301.html

https://cert-portal.siemens.com/productcert/html/ssa-962515.html

https://nvd.nist.gov/vuln/detail/CVE-2023-46280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46280

EUVD