CVE-2023-52891

EPSS 0.12%
Veröffentlicht 09.07.2024 12:15:11
Zuletzt bearbeitet 21.11.2024 08:40:48
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellersiemens

≫

Produkt simatic_energy_manager_basic

Default Statusunknown

Version < V7.5

Version 0

Status affected

Herstellersiemens

≫

Produkt simatic_energy_manager_pro

Default Statusunknown

Version < V7.5

Version 0

Status affected

Herstellersiemens

≫

Produkt simatic_ipc_diagbase

Default Statusunknown

Version <= *

Version 0

Status affected

Herstellersiemens

≫

Produkt simatic_ipc_diagmonitor

Default Statusunknown

Version <= *

Version 0

Status affected

Herstellersiemens

≫

Produkt simit_v10

Default Statusunknown

Version <= *

Version 0

Status affected

Herstellersiemens

≫

Produkt simit_v11

Default Statusunknown

Version < V11.1

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1325 Improperly Controlled Sequential Memory Allocation

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

https://cert-portal.siemens.com/productcert/html/ssa-088132.html

https://nvd.nist.gov/vuln/detail/CVE-2023-52891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52891

EUVD