All the vulnerabilites related to Siemens - SIMATIC S7-PM
cve-2023-25910
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.
An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC PCS 7", "vendor": "Siemens", "versions": [ { "lessThan": "V9.1 SP2 UC04", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-PM", "vendor": "Siemens", "versions": [ { "lessThan": "V5.7 SP1 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-PM", "vendor": "Siemens", "versions": [ { "lessThan": "V5.7 SP2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 V5", "vendor": "Siemens", "versions": [ { "lessThan": "V5.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions \u003c V9.1 SP2 UC04), SIMATIC S7-PM (All versions \u003c V5.7 SP1 HF1), SIMATIC S7-PM (All versions \u003c V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions \u003c V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system\u0027s server." } ], "metrics": [ { "cvssV3_1": { "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:23:34.211Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-25910", "datePublished": "2023-06-13T08:17:04.612Z", "dateReserved": "2023-02-16T11:12:33.500Z", "dateUpdated": "2024-08-02T11:32:12.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202306-1109
Vulnerability from variot
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.
An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1109", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic pcs 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-pm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic step 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.7" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-25910" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-pm:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-25910" } ] }, "cve": "CVE-2023-25910", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-25910", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-25910", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202306-934", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-934" }, { "db": "NVD", "id": "CVE-2023-25910" }, { "db": "NVD", "id": "CVE-2023-25910" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC PCS 7 (All versions \u003c V9.1 SP2 UC04), SIMATIC S7-PM (All versions \u003c V5.7 SP1 HF1), SIMATIC S7-PM (All versions \u003c V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions \u003c V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. \r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system\u0027s server", "sources": [ { "db": "NVD", "id": "CVE-2023-25910" }, { "db": "VULMON", "id": "CVE-2023-25910" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-968170", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2023-25910", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202306-934", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-25910", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-25910" }, { "db": "CNNVD", "id": "CNNVD-202306-934" }, { "db": "NVD", "id": "CVE-2023-25910" } ] }, "id": "VAR-202306-1109", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.6076923 }, "last_update_date": "2024-05-14T22:57:37.290000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens SIMATIC PCS 7 Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=242374" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-934" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-25910" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-25910/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-25910" }, { "db": "CNNVD", "id": "CNNVD-202306-934" }, { "db": "NVD", "id": "CVE-2023-25910" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-25910" }, { "db": "CNNVD", "id": "CNNVD-202306-934" }, { "db": "NVD", "id": "CVE-2023-25910" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-25910" }, { "date": "2023-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-934" }, { "date": "2023-06-13T09:15:16.280000", "db": "NVD", "id": "CVE-2023-25910" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-13T00:00:00", "db": "VULMON", "id": "CVE-2023-25910" }, { "date": "2023-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-934" }, { "date": "2024-05-14T16:15:28.993000", "db": "NVD", "id": "CVE-2023-25910" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-934" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC PCS 7 Code injection vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-934" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-934" } ], "trust": 0.6 } }