CVE-2023-46283

EPSS 0.22%
Veröffentlicht 12.12.2023 12:15:14
Zuletzt bearbeitet 21.11.2024 08:28:13
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Opcenter Quality Version-

Siemens ≫ Simatic Pcs Neo Version < 4.1

Siemens ≫ Sinumerik Integrate Runmyhmi /automotive Version-

Siemens ≫ Totally Integrated Automation Portal Version >= 14.0 < 15

Siemens ≫ Totally Integrated Automation Portal Version >= 15 < 16

Siemens ≫ Totally Integrated Automation Portal Version >= 16 < 17

Siemens ≫ Totally Integrated Automation Portal Version >= 17 < 18

Siemens ≫ Totally Integrated Automation Portal Version-

Siemens ≫ Totally Integrated Automation Portal Version18

Siemens ≫ Totally Integrated Automation Portal Version18 Updateupdate_1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.443

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://cert-portal.siemens.com/productcert/html/ssa-999588.html

https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-46283

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46283

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46283

EUVD