cnvd - cnvd-2024-09315

CNVD-2024-09315

Vulnerability from cnvd - Published: 2024-02-23

Title

多款Siemens产品空指针解引用漏洞

Description

SIMATIC PCS 7是一个集散控制系统(DCS)，集成了SIMATIC WinCC、SIMATIC Batch、SIMATIC Route control、OpenPCS 7等组件。SIMATIC WinCC是一个监控和数据采集(SCADA)系统。SIMATIC WinCC Runtime Professional是一个可视化运行时平台，用于操作员控制和监视机器和工厂。多款Siemens产品存在空指针解引用漏洞，攻击者可利用该漏洞在RPC服务器中导致拒绝服务状态。

Severity

中

Patch Name

多款Siemens产品空指针解引用漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cert-portal.siemens.com/productcert/html/ssa-753746.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-753746.html

Impacted products

Name
['SIEMENS SIMATIC WinCC V7.4', 'SIEMENS SIMATIC PCS 7 V9.1', 'Siemens OpenPCS 7 9.1', 'Siemens SIMATIC BATCH 9.1', 'Siemens SIMATIC Route Control 9.1', 'Siemens SIMATIC WinCC Runtime Professional V18', 'Siemens SIMATIC WinCC Runtime Professional V19', 'Siemens SIMATIC WinCC <7.5 SP2 Update 15', 'Siemens SIMATIC WinCC <8.0 SP4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-48363"
    }
  },
  "description": "SIMATIC PCS 7\u662f\u4e00\u4e2a\u96c6\u6563\u63a7\u5236\u7cfb\u7edf(DCS)\uff0c\u96c6\u6210\u4e86SIMATIC WinCC\u3001SIMATIC Batch\u3001SIMATIC Route control\u3001OpenPCS 7\u7b49\u7ec4\u4ef6\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6(SCADA)\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u89c6\u673a\u5668\u548c\u5de5\u5382\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728RPC\u670d\u52a1\u5668\u4e2d\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u72b6\u6001\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-753746.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-09315",
  "openTime": "2024-02-23",
  "patchDescription": "SIMATIC PCS 7\u662f\u4e00\u4e2a\u96c6\u6563\u63a7\u5236\u7cfb\u7edf(DCS)\uff0c\u96c6\u6210\u4e86SIMATIC WinCC\u3001SIMATIC Batch\u3001SIMATIC Route control\u3001OpenPCS 7\u7b49\u7ec4\u4ef6\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6(SCADA)\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u89c6\u673a\u5668\u548c\u5de5\u5382\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728RPC\u670d\u52a1\u5668\u4e2d\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u72b6\u6001\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC WinCC V7.4",
      "SIEMENS SIMATIC PCS 7 V9.1",
      "Siemens OpenPCS 7 9.1",
      "Siemens SIMATIC BATCH 9.1",
      "Siemens SIMATIC Route Control 9.1",
      "Siemens SIMATIC WinCC Runtime Professional V18",
      "Siemens SIMATIC WinCC Runtime Professional V19",
      "Siemens SIMATIC WinCC \u003c7.5 SP2 Update 15",
      "Siemens SIMATIC WinCC \u003c8.0 SP4"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-02-21",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e"
}

CVE-2023-48363 (GCVE-0-2023-48363)

Vulnerability from cvelistv5 – Published: 2024-02-13 08:59 – Updated: 2024-09-10 09:36

Summary

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-476 - NULL Pointer Dereference

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

OpenPCS 7 V9.1

Affected: All versions < V9.1 SP2 UC05

Siemens	SIMATIC BATCH V9.1	Affected: All versions < V9.1 SP2 UC05
Siemens	SIMATIC PCS 7 V9.1	Affected: 0 , < V9.1 SP2 UC05 (custom)
Siemens	SIMATIC Route Control V9.1	Affected: All versions < V9.1 SP2 UC05
Siemens	SIMATIC WinCC Runtime Professional V18	Affected: 0 , < V18 Update 4 (custom)
Siemens	SIMATIC WinCC Runtime Professional V19	Affected: 0 , < V19 Update 2 (custom)
Siemens	SIMATIC WinCC V7.4	Affected: 0 , < * (custom)
Siemens	SIMATIC WinCC V7.5	Affected: 0 , < V7.5 SP2 Update 15 (custom)
Siemens	SIMATIC WinCC V8.0	Affected: 0 , < V8.0 Update 4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-48363",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-13T16:37:22.994141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:43.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:30:34.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "OpenPCS 7 V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.1 SP2 UC05"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC BATCH V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.1 SP2 UC05"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.1 SP2 UC05",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Route Control V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V9.1 SP2 UC05"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Professional V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Professional V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V7.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.5 SP2 Update 15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V8.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.0 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions \u003c V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions \u003c V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions \u003c V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:36:22.958Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-48363",
    "datePublished": "2024-02-13T08:59:55.432Z",
    "dateReserved": "2023-11-15T17:20:32.751Z",
    "dateUpdated": "2024-09-10T09:36:22.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-09315

CVE-2023-48363 (GCVE-0-2023-48363)

Tags

Sightings

Nomenclature