5.3

CVE-2023-52891

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorsiemens
Product simatic_energy_manager_basic
Default Statusunknown
Version < V7.5
Version 0
Status affected
Vendorsiemens
Product simatic_energy_manager_pro
Default Statusunknown
Version < V7.5
Version 0
Status affected
Vendorsiemens
Product simatic_ipc_diagbase
Default Statusunknown
Version <= *
Version 0
Status affected
Vendorsiemens
Product simatic_ipc_diagmonitor
Default Statusunknown
Version <= *
Version 0
Status affected
Vendorsiemens
Product simit_v10
Default Statusunknown
Version <= *
Version 0
Status affected
Vendorsiemens
Product simit_v11
Default Statusunknown
Version < V11.1
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.311
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
productcert@siemens.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-1325 Improperly Controlled Sequential Memory Allocation

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.