5.3

CVE-2023-52891

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersiemens
Produkt simatic_energy_manager_basic
Default Statusunknown
Version 0
Version < V7.5
Status affected
Herstellersiemens
Produkt simatic_energy_manager_pro
Default Statusunknown
Version 0
Version < V7.5
Status affected
Herstellersiemens
Produkt simatic_ipc_diagbase
Default Statusunknown
Version <= *
Version 0
Status affected
Herstellersiemens
Produkt simatic_ipc_diagmonitor
Default Statusunknown
Version <= *
Version 0
Status affected
Herstellersiemens
Produkt simit_v10
Default Statusunknown
Version <= *
Version 0
Status affected
Herstellersiemens
Produkt simit_v11
Default Statusunknown
Version 0
Version < V11.1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.311
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
productcert@siemens.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-1325 Improperly Controlled Sequential Memory Allocation

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.