CNVD-2023-97276

Vulnerability from cnvd - Published: 2023-12-15
Title
Siemens User Management Component (UMC) Classic Buffer Overflow Vulnerability
Description
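Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK Integrate product suite facilitates simple networking of machine tools in the IT of the production environment. Totally Integrated Automation Portal (TIA Portal) is PC software that provides the complete range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables system-wide, central maintenance of users. Siemens User Management Component (UMC) contains a classic buffer overflow vulnerability: when handling specific requests on port 4002/tcp, the affected application performs an out-of-bounds write past the end of an allocated buffer. An attacker can exploit this vulnerability to crash the application. The corresponding service restarts automatically after the crash.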
Severity
Patch Name
Patch for the Siemens User Management Component (UMC) classic buffer overflow vulnerability
Patch Description
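Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce defect and rework costs, and achieve operational excellence by increasing process stability. SIMATIC PCS neo is a distributed control system (DCS). The SINUMERIK Integrate product suite facilitates simple networking of machine tools in the IT of the production environment. Totally Integrated Automation Portal (TIA Portal) is PC software that provides the complete range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables system-wide, central maintenance of users. Siemens User Management Component (UMC) contains a classic buffer overflow vulnerability: when handling specific requests on port 4002/tcp, the affected application performs an out-of-bounds write past the end of an allocated buffer. An attacker can exploit this vulnerability to crash the application. The corresponding service restarts automatically after the crash. The vendor has now published a security advisory and related patch information that fix this vulnerability.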
Formal description

Users can refer to the following vendor security advisory for patch information: https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Reference
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
Impacted products
Name
  • Siemens Totally Integrated Automation Portal (TIA Portal) V16
  • Siemens Totally Integrated Automation Portal (TIA Portal) V17
  • Siemens Totally Integrated Automation Portal (TIA Portal) V14
  • Siemens Totally Integrated Automation Portal (TIA Portal) V15.1
  • Siemens SIMATIC PCS neo <4.1
  • Siemens Opcenter Quality
  • Siemens SINUMERIK Integrate RunMyHMI /Automotive
  • Siemens Totally Integrated Automation Portal (TIA Portal) V18 < V18 Update 3

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-46283"
    }
  },
  "description": "Opcenter Quality\u662f\u4e00\u79cd\u8d28\u91cf\u7ba1\u7406\u4f53\u7cfb\uff08QMS\uff09\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u901a\u8fc7\u63d0\u9ad8\u6d41\u7a0b\u7a33\u5b9a\u6027\u6765\u4fdd\u969c\u5408\u89c4\u6027\u3001\u4f18\u5316\u8d28\u91cf\u3001\u964d\u4f4e\u7f3a\u9677\u548c\u8fd4\u5de5\u6210\u672c\u5e76\u5b9e\u73b0\u5353\u8d8a\u8fd0\u8425\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINUMERIK\u96c6\u6210\u4ea7\u54c1\u5957\u4ef6\u6709\u52a9\u4e8e\u5728\u751f\u4ea7\u73af\u5883\u7684IT\u4e2d\u5b9e\u73b0\u673a\u5e8a\u7684\u7b80\u5355\u8054\u7f51\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002User Management Component (UMC) \u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u5b9e\u73b0\u5bf9\u7528\u6237\u7684\u5168\u7cfb\u7edf\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC)\u5b58\u5728\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5f53\u5904\u7406\u7aef\u53e34002/tcp\u4e0a\u7684\u7279\u5b9a\u8bf7\u6c42\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5df2\u5206\u914d\u7f13\u51b2\u533a\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76f8\u5e94\u7684\u670d\u52a1\u5728\u5d29\u6e83\u540e\u81ea\u52a8\u91cd\u65b0\u542f\u52a8\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-999588.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-97276",
  "openTime": "2023-12-15",
  "patchDescription": "Opcenter Quality\u662f\u4e00\u79cd\u8d28\u91cf\u7ba1\u7406\u4f53\u7cfb\uff08QMS\uff09\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u901a\u8fc7\u63d0\u9ad8\u6d41\u7a0b\u7a33\u5b9a\u6027\u6765\u4fdd\u969c\u5408\u89c4\u6027\u3001\u4f18\u5316\u8d28\u91cf\u3001\u964d\u4f4e\u7f3a\u9677\u548c\u8fd4\u5de5\u6210\u672c\u5e76\u5b9e\u73b0\u5353\u8d8a\u8fd0\u8425\u3002SIMATIC PCS neo\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINUMERIK\u96c6\u6210\u4ea7\u54c1\u5957\u4ef6\u6709\u52a9\u4e8e\u5728\u751f\u4ea7\u73af\u5883\u7684IT\u4e2d\u5b9e\u73b0\u673a\u5e8a\u7684\u7b80\u5355\u8054\u7f51\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u53ef\u63d0\u4f9b\u897f\u95e8\u5b50\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u5b8c\u6574\u8303\u56f4\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u3001\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002User Management Component (UMC) \u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u5b9e\u73b0\u5bf9\u7528\u6237\u7684\u5168\u7cfb\u7edf\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC)\u5b58\u5728\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5f53\u5904\u7406\u7aef\u53e34002/tcp\u4e0a\u7684\u7279\u5b9a\u8bf7\u6c42\u65f6\uff0c\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5305\u542b\u8d85\u8fc7\u5df2\u5206\u914d\u7f13\u51b2\u533a\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76f8\u5e94\u7684\u670d\u52a1\u5728\u5d29\u6e83\u540e\u81ea\u52a8\u91cd\u65b0\u542f\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens User Management Component (UMC)\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Totally Integrated Automation Portal (TIA Portal) V16",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V17",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V14",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V15.1",
      "Siemens SIMATIC PCS neo \u003c4.1",
      "Siemens Opcenter Quality",
      "Siemens SINUMERIK Integrate RunMyHMI /Automotive",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V18 \u003c V18 Update 3"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-12-13",
  "title": "Siemens User Management Component (UMC)\u7ecf\u5178\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

