Vulnerability-Lookup

CVE-2023-30756 (GCVE-0-2023-30756)

Vulnerability from cvelistv5 – Published: 2024-09-10 09:33 – Updated: 2024-09-10 15:10

Summary

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference. This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-476 - NULL Pointer Dereference

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)

Affected: 0 , < V3.5.20 (custom)

Siemens	SIMATIC CP 1243-1 (incl. SIPLUS variants)	Affected: 0 , < V3.5.20 (custom)
Siemens	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)	Affected: 0 , < V3.5.20 (custom)
Siemens	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)	Affected: 0 , < V3.5.20 (custom)
Siemens	SIMATIC CP 1243-7 LTE	Affected: 0 , < V3.5.20 (custom)
Siemens	SIMATIC CP 1243-8 IRC	Affected: 0 , < V3.5.20 (custom)
Siemens	SIMATIC HMI Comfort Panels (incl. SIPLUS variants)	Affected: All versions
Siemens	SIMATIC IPC DiagBase	Affected: 0 , < * (custom)
Siemens	SIMATIC IPC DiagMonitor	Affected: All versions
Siemens	SIMATIC WinCC Runtime Advanced	Affected: All versions
Siemens	SIPLUS TIM 1531 IRC	Affected: 0 , < V2.4.8 (custom)
Siemens	TIM 1531 IRC	Affected: 0 , < V2.4.8 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:09:52.396615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:10:00.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-8 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC DiagBase",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC IPC DiagMonitor",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Runtime Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.4.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.4.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:40.640Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-30756",
    "datePublished": "2024-09-10T09:33:40.640Z",
    "dateReserved": "2023-04-14T11:16:56.497Z",
    "dateUpdated": "2024-09-10T15:10:00.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30756\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:09:52.396615Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T15:09:56.867Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1 (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-7 LTE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-8 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.5.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC HMI Comfort Panels (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC DiagBase\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC DiagMonitor\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC WinCC Runtime Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.4.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.4.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-423808.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\\r\\n\\r\\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2024-09-10T09:33:40.640Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-30756\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-10T15:10:00.273Z\", \"dateReserved\": \"2023-04-14T11:16:56.497Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-09-10T09:33:40.640Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-4P43-GFMP-QJMM

Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30

Details

This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-30756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T10:15:06Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\n\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system.",
  "id": "GHSA-4p43-gfmp-qjmm",
  "modified": "2024-09-10T12:30:37Z",
  "published": "2024-09-10T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30756"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2023-30756

Vulnerability from fkie_nvd - Published: 2024-09-10 10:15 - Updated: 2024-09-10 12:09

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-423808.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.5.20), SIMATIC CP 1243-7 LTE (All versions \u003c V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones \u0026lt; V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones \u0026lt; V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones \u0026lt; V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones \u0026lt; V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones \u0026lt; V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones \u0026lt; V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones \u0026lt; V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones \u0026lt; V2.4.8). El servidor web de los dispositivos afectados no gestiona correctamente determinados errores al utilizar el encabezado de solicitud HTTP Expect, lo que da lugar a una desreferencia NULL. Esto podr\u00eda permitir que un atacante remoto sin privilegios provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
    }
  ],
  "id": "CVE-2023-30756",
  "lastModified": "2024-09-10T12:09:50.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-10T10:15:06.197",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2024-38015

Vulnerability from cnvd - Published: 2024-09-12

Title

Siemens Industrial产品空指针解引用漏洞（CNVD-2024-38015）

Description

SIMATIC CP 1242和CP 1243相关处理器将SIMATIC S7-1200控制器连接到广域网（WAN）。它们提供集成的安全功能，如防火墙、虚拟专用网络（VPN）和支持其他数据加密协议。SIMATIC HMI Panels用于操作员控制和监控机器和设备。SIMATIC IPC DiagBase diagnostics software允许及早识别SIMATIC工控机上的任何潜在故障，并有助于避免或减少系统停机时间。SIMATIC IPC DiagMonitor监控、报告、可视化和记录SIMATIC IPCs的系统状态。它与其他系统通信，并在事件发生时做出反应。Communication processor (CP) modules SIMATIC TIM 3V-IE和TIM 4R-IE设计使SIMATIC S7-300/S7-400 CPU能够进行以太网或遥控通信。SIMATIC WinCC Runtime Advanced是一个可视化运行时平台，用于操作员控制和监控机器和工厂。SIPLUS extreme产品专为在极端条件下可靠运行而设计，基于SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE或其他设备。SIPLUS设备使用与其所基于的产品相同的固件。 Siemens Industrial产品存在空指针解引用漏洞，该漏洞源于受影响设备的web服务器未能正确处理关闭或重新启动请求，这可能会导致某些资源被清理。攻击者可利用该漏洞在系统中造成拒绝服务。

Severity

中

Patch Name

Siemens Industrial产品空指针解引用漏洞（CNVD-2024-38015）的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-423808.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-423808.html

Impacted products

Name
['Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC WinCC Runtime Advanced', 'SIEMENS SIMATIC IPC DiagBase null', 'Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) <V2.4.8', 'Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) <V2.4.8', 'Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) < V3.5.20', 'Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) < V3.5.20', 'SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) < V3.5.20', 'SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) < V3.5.20', 'Siemens SIMATIC CP 1243-7 LTE < V3.5.20', 'Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) < V3.5.20', 'Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants)']

Name

['Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC WinCC Runtime Advanced', 'SIEMENS SIMATIC IPC DiagBase null', 'Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) <V2.4.8', 'Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) <V2.4.8', 'Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) < V3.5.20', 'Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) < V3.5.20', 'SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) < V3.5.20', 'SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) < V3.5.20', 'Siemens SIMATIC CP 1243-7 LTE < V3.5.20', 'Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) < V3.5.20', 'Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-30756"
    }
  },
  "description": "SIMATIC CP 1242\u548cCP 1243\u76f8\u5173\u5904\u7406\u5668\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5e7f\u57df\u7f51\uff08WAN\uff09\u3002\u5b83\u4eec\u63d0\u4f9b\u96c6\u6210\u7684\u5b89\u5168\u529f\u80fd\uff0c\u5982\u9632\u706b\u5899\u3001\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u548c\u652f\u6301\u5176\u4ed6\u6570\u636e\u52a0\u5bc6\u534f\u8bae\u3002SIMATIC HMI Panels\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u8bbe\u5907\u3002SIMATIC IPC DiagBase diagnostics software\u5141\u8bb8\u53ca\u65e9\u8bc6\u522bSIMATIC\u5de5\u63a7\u673a\u4e0a\u7684\u4efb\u4f55\u6f5c\u5728\u6545\u969c\uff0c\u5e76\u6709\u52a9\u4e8e\u907f\u514d\u6216\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u3002SIMATIC IPC DiagMonitor\u76d1\u63a7\u3001\u62a5\u544a\u3001\u53ef\u89c6\u5316\u548c\u8bb0\u5f55SIMATIC IPCs\u7684\u7cfb\u7edf\u72b6\u6001\u3002\u5b83\u4e0e\u5176\u4ed6\u7cfb\u7edf\u901a\u4fe1\uff0c\u5e76\u5728\u4e8b\u4ef6\u53d1\u751f\u65f6\u505a\u51fa\u53cd\u5e94\u3002Communication processor (CP) modules SIMATIC TIM 3V-IE\u548cTIM 4R-IE\u8bbe\u8ba1\u4f7fSIMATIC S7-300/S7-400 CPU\u80fd\u591f\u8fdb\u884c\u4ee5\u592a\u7f51\u6216\u9065\u63a7\u901a\u4fe1\u3002SIMATIC WinCC Runtime Advanced\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u5de5\u5382\u3002SIPLUS extreme\u4ea7\u54c1\u4e13\u4e3a\u5728\u6781\u7aef\u6761\u4ef6\u4e0b\u53ef\u9760\u8fd0\u884c\u800c\u8bbe\u8ba1\uff0c\u57fa\u4e8eSIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE\u6216\u5176\u4ed6\u8bbe\u5907\u3002SIPLUS\u8bbe\u5907\u4f7f\u7528\u4e0e\u5176\u6240\u57fa\u4e8e\u7684\u4ea7\u54c1\u76f8\u540c\u7684\u56fa\u4ef6\u3002\n\nSiemens Industrial\u4ea7\u54c1\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u8bbe\u5907\u7684web\u670d\u52a1\u5668\u672a\u80fd\u6b63\u786e\u5904\u7406\u5173\u95ed\u6216\u91cd\u65b0\u542f\u52a8\u8bf7\u6c42\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u67d0\u4e9b\u8d44\u6e90\u88ab\u6e05\u7406\u3002 \u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e2d\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-423808.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38015",
  "openTime": "2024-09-12",
  "patchDescription": "SIMATIC CP 1242\u548cCP 1243\u76f8\u5173\u5904\u7406\u5668\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5e7f\u57df\u7f51\uff08WAN\uff09\u3002\u5b83\u4eec\u63d0\u4f9b\u96c6\u6210\u7684\u5b89\u5168\u529f\u80fd\uff0c\u5982\u9632\u706b\u5899\u3001\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u548c\u652f\u6301\u5176\u4ed6\u6570\u636e\u52a0\u5bc6\u534f\u8bae\u3002SIMATIC HMI Panels\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u8bbe\u5907\u3002SIMATIC IPC DiagBase diagnostics software\u5141\u8bb8\u53ca\u65e9\u8bc6\u522bSIMATIC\u5de5\u63a7\u673a\u4e0a\u7684\u4efb\u4f55\u6f5c\u5728\u6545\u969c\uff0c\u5e76\u6709\u52a9\u4e8e\u907f\u514d\u6216\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u3002SIMATIC IPC DiagMonitor\u76d1\u63a7\u3001\u62a5\u544a\u3001\u53ef\u89c6\u5316\u548c\u8bb0\u5f55SIMATIC IPCs\u7684\u7cfb\u7edf\u72b6\u6001\u3002\u5b83\u4e0e\u5176\u4ed6\u7cfb\u7edf\u901a\u4fe1\uff0c\u5e76\u5728\u4e8b\u4ef6\u53d1\u751f\u65f6\u505a\u51fa\u53cd\u5e94\u3002Communication processor (CP) modules SIMATIC TIM 3V-IE\u548cTIM 4R-IE\u8bbe\u8ba1\u4f7fSIMATIC S7-300/S7-400 CPU\u80fd\u591f\u8fdb\u884c\u4ee5\u592a\u7f51\u6216\u9065\u63a7\u901a\u4fe1\u3002SIMATIC WinCC Runtime Advanced\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u5de5\u5382\u3002SIPLUS extreme\u4ea7\u54c1\u4e13\u4e3a\u5728\u6781\u7aef\u6761\u4ef6\u4e0b\u53ef\u9760\u8fd0\u884c\u800c\u8bbe\u8ba1\uff0c\u57fa\u4e8eSIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE\u6216\u5176\u4ed6\u8bbe\u5907\u3002SIPLUS\u8bbe\u5907\u4f7f\u7528\u4e0e\u5176\u6240\u57fa\u4e8e\u7684\u4ea7\u54c1\u76f8\u540c\u7684\u56fa\u4ef6\u3002\r\n\r\nSiemens Industrial\u4ea7\u54c1\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u8bbe\u5907\u7684web\u670d\u52a1\u5668\u672a\u80fd\u6b63\u786e\u5904\u7406\u5173\u95ed\u6216\u91cd\u65b0\u542f\u52a8\u8bf7\u6c42\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u67d0\u4e9b\u8d44\u6e90\u88ab\u6e05\u7406\u3002 \u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e2d\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Industrial\u4ea7\u54c1\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2024-38015\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC IPC DiagMonitor",
      "Siemens SIMATIC WinCC Runtime Advanced",
      "SIEMENS SIMATIC IPC DiagBase null",
      "Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) \u003cV2.4.8",
      "Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) \u003cV2.4.8",
      "Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) \u003c V3.5.20",
      "Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) \u003c V3.5.20",
      "SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) \u003c V3.5.20",
      "SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) \u003c V3.5.20",
      "Siemens SIMATIC CP 1243-7 LTE \u003c V3.5.20",
      "Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) \u003c V3.5.20",
      "Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants)"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-09-12",
  "title": "Siemens Industrial\u4ea7\u54c1\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2024-38015\uff09"
}

CERTFR-2024-AVI-0757

Vulnerability from certfr_avis - Published: 2024-09-10 - Updated: 2024-09-10

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 Update 5
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC IPC DiagMonitor toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SCALANCE W700 802.11 AX versions antérieures à V2.4.0
Siemens	N/A	SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V8.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Information Server 2024 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions antérieures à V4.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V18 toutes versions
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.2
Siemens	N/A	SIMATIC PCS neo V4.1 versions antérieures à V4.1 Update 2
Siemens	N/A	SIMATIC S7-200 SMART toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-43647.
Siemens	N/A	SIMATIC PCS neo V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-33698.
Siemens	N/A	SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V7.5 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC RF1140R (6GT2831-6CB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC WinCC Runtime Professional V20 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC RF1170R (6GT2831-6BB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V19 toutes versions
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC WinCC Runtime Professional V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.2
Siemens	N/A	SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V17 versions antérieures à V17 Update 8
Siemens	N/A	SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Information Server 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Process Historian 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.2
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 18
Siemens	N/A	SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SICAM SCC versions antérieures à V10.0
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V7.4 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-35783.
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.2
Siemens	N/A	SIMATIC IPC DiagBase toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC CP 1243-7 LTE versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC CP 1243-1 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC BATCH V9.1 toutes versions pour la vulnérabilité CVE-2024-35783

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-721642	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-969738	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-673996	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-773256	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-423808	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-039007	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-629254	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-765405	2024-09-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagMonitor toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-200 SMART toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM SCC versions ant\u00e9rieures \u00e0 V10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagBase toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43647"
    },
    {
      "name": "CVE-2024-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37995"
    },
    {
      "name": "CVE-2024-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37990"
    },
    {
      "name": "CVE-2024-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37993"
    },
    {
      "name": "CVE-2024-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37991"
    },
    {
      "name": "CVE-2023-30756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30756"
    },
    {
      "name": "CVE-2024-33698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33698"
    },
    {
      "name": "CVE-2024-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37992"
    },
    {
      "name": "CVE-2024-34057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34057"
    },
    {
      "name": "CVE-2023-30755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30755"
    },
    {
      "name": "CVE-2023-28827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28827"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2024-35783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35783"
    },
    {
      "name": "CVE-2024-38355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38355"
    },
    {
      "name": "CVE-2024-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37994"
    }
  ],
  "initial_release_date": "2024-09-10T00:00:00",
  "last_revision_date": "2024-09-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0757",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-773256.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
    }
  ]
}

GSD-2023-30756

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-30756

Aliases

CVE-2023-30756

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-30756",
    "id": "GSD-2023-30756"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-30756"
      ],
      "id": "GSD-2023-30756",
      "modified": "2023-12-13T01:20:52.464448Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-30756",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-30756 (GCVE-0-2023-30756)

GHSA-4P43-GFMP-QJMM

FKIE_CVE-2023-30756

CNVD-2024-38015

CERTFR-2024-AVI-0757

Solutions

GSD-2023-30756

Tags

Sightings

Nomenclature