Vulnerabilites related to Siemens - SIMATIC NET PC Software V19
cve-2023-46280
Vulnerability from cvelistv5
Published
2024-05-14 10:01
Modified
2024-12-10 13:53
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-46280", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T14:20:28.448026Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:22:08.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-962515.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Security Configuration Tool (SCT)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Automation Tool", vendor: "Siemens", versions: [ { lessThan: "V5.0 SP2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC BATCH V9.1", vendor: "Siemens", versions: [ { lessThan: "V9.1 SP2 Upd5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC NET PC Software V16", vendor: "Siemens", versions: [ { lessThan: "V16 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC NET PC Software V17", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC NET PC Software V18", vendor: "Siemens", versions: [ { lessThan: "V18 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC NET PC Software V19", vendor: "Siemens", versions: [ { lessThan: "V19 Update 2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PCS 7 V9.1", vendor: "Siemens", versions: [ { lessThan: "V9.1 SP2 UC05", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PDM V9.2", vendor: "Siemens", versions: [ { lessThan: "V9.2 SP2 Upd3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Route Control V9.1", vendor: "Siemens", versions: [ { lessThan: "V9.1 SP2 Upd3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-PCT", vendor: "Siemens", versions: [ { lessThan: "V3.5 SP3 Update 6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC STEP 7 V5", vendor: "Siemens", versions: [ { lessThan: "V5.7 SP3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC OA V3.17", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC OA V3.18", vendor: "Siemens", versions: [ { lessThan: "V3.18 P025", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC OA V3.19", vendor: "Siemens", versions: [ { lessThan: "V3.19 P010", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Advanced", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Professional V16", vendor: "Siemens", versions: [ { lessThan: "V16 Update 6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Professional V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Professional V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 4", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Professional V19", vendor: "Siemens", versions: [ { lessThan: "V19 Update 2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC V7.4", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC V7.5", vendor: "Siemens", versions: [ { lessThan: "V7.5 SP2 Update 17", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC V8.0", vendor: "Siemens", versions: [ { lessThan: "V8.0 Update 5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINAMICS Startdrive", vendor: "Siemens", versions: [ { lessThan: "V19 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINEC NMS", vendor: "Siemens", versions: [ { lessThan: "V3.0 SP1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK ONE virtual", vendor: "Siemens", versions: [ { lessThan: "V6.23", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK PLC Programming Tool", vendor: "Siemens", versions: [ { lessThan: "V3.3.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIA Portal Cloud Connector", vendor: "Siemens", versions: [ { lessThan: "V2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V15.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V16", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V17", vendor: "Siemens", versions: [ { lessThan: "V17 Update 8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V18", vendor: "Siemens", versions: [ { lessThan: "V18 Update 4", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Totally Integrated Automation Portal (TIA Portal) V19", vendor: "Siemens", versions: [ { lessThan: "V19 Update 2", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:28.579Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-962515.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-46280", datePublished: "2024-05-14T10:01:52.069Z", dateReserved: "2023-10-20T08:02:52.794Z", dateUpdated: "2024-12-10T13:53:28.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }