CVE-2023-46280

EPSS 0.04%
Published 14.05.2024 16:15:40
Last modified 10.12.2024 14:30:35
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorSiemens

≫

Product Security Configuration Tool (SCT)

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC Automation Tool

Default Statusunknown

Version < V5.0 SP2

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC BATCH V9.1

Default Statusunknown

Version < V9.1 SP2 Upd5

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC NET PC Software V16

Default Statusunknown

Version < V16 Update 8

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC NET PC Software V17

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC NET PC Software V18

Default Statusunknown

Version < V18 SP1

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC NET PC Software V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC PCS 7 V9.1

Default Statusunknown

Version < V9.1 SP2 UC05

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC PDM V9.2

Default Statusunknown

Version < V9.2 SP2 Upd3

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC Route Control V9.1

Default Statusunknown

Version < V9.1 SP2 Upd3

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC S7-PCT

Default Statusunknown

Version < V3.5 SP3 Update 6

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC STEP 7 V5

Default Statusunknown

Version < V5.7 SP3

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC OA V3.17

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC OA V3.18

Default Statusunknown

Version < V3.18 P025

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC OA V3.19

Default Statusunknown

Version < V3.19 P010

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC Runtime Advanced

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC Runtime Professional V16

Default Statusunknown

Version < V16 Update 6

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC Runtime Professional V17

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC Runtime Professional V18

Default Statusunknown

Version < V18 Update 4

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC Runtime Professional V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC V7.4

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC V7.5

Default Statusunknown

Version < V7.5 SP2 Update 17

Version 0

Status affected

VendorSiemens

≫

Product SIMATIC WinCC V8.0

Default Statusunknown

Version < V8.0 Update 5

Version 0

Status affected

VendorSiemens

≫

Product SINAMICS Startdrive

Default Statusunknown

Version < V19 SP1

Version 0

Status affected

VendorSiemens

≫

Product SINEC NMS

Default Statusunknown

Version < V3.0

Version 0

Status affected

VendorSiemens

≫

Product SINEC NMS

Default Statusunknown

Version < V3.0 SP1

Version 0

Status affected

VendorSiemens

≫

Product SINUMERIK ONE virtual

Default Statusunknown

Version < V6.23

Version 0

Status affected

VendorSiemens

≫

Product SINUMERIK PLC Programming Tool

Default Statusunknown

Version < V3.3.12

Version 0

Status affected

VendorSiemens

≫

Product TIA Portal Cloud Connector

Default Statusunknown

Version < V2.0

Version 0

Status affected

VendorSiemens

≫

Product Totally Integrated Automation Portal (TIA Portal) V15.1

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product Totally Integrated Automation Portal (TIA Portal) V16

Default Statusunknown

Version < *

Version 0

Status affected

VendorSiemens

≫

Product Totally Integrated Automation Portal (TIA Portal) V17

Default Statusunknown

Version < V17 Update 8

Version 0

Status affected

VendorSiemens

≫

Product Totally Integrated Automation Portal (TIA Portal) V18

Default Statusunknown

Version < V18 Update 4

Version 0

Status affected

VendorSiemens

≫

Product Totally Integrated Automation Portal (TIA Portal) V19

Default Statusunknown

Version < V19 Update 2

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	8.2	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

https://cert-portal.siemens.com/productcert/html/ssa-784301.html

https://cert-portal.siemens.com/productcert/html/ssa-962515.html

https://nvd.nist.gov/vuln/detail/CVE-2023-46280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46280

EUVD