Vulnerability-Lookup

CVE-2024-41905 (GCVE-0-2024-41905)

Vulnerability from cvelistv5 – Published: 2024-08-13 07:54 – Updated: 2024-08-13 13:25

Summary

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

7.6 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-284 - Improper Access Control

Assigner

siemens

References

URL

	Vendor	Product	Version
	Siemens	SINEC Traffic Analyzer	Affected: 0 , < V2.0 (custom)

CNVD-2024-35432

Vulnerability from cnvd - Published: 2024-08-14

Title

Siemens SINEC Traffic Analyzer访问控制错误漏洞

Description

SINEC Traffic Analyzer是一个内部部署的应用程序，监控控制器和IO设备之间的PNIO (PROFINET IO)通信。 Siemens SINEC Traffic Analyzer存在访问控制错误漏洞，低权限的经过身份验证的攻击者可利用该漏洞访问敏感信息。

Severity

中

Patch Name

Siemens SINEC Traffic Analyzer访问控制错误漏洞的补丁

Patch Description

SINEC Traffic Analyzer是一个内部部署的应用程序，监控控制器和IO设备之间的PNIO (PROFINET IO)通信。 Siemens SINEC Traffic Analyzer存在访问控制错误漏洞，低权限的经过身份验证的攻击者可利用该漏洞访问敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.industry.siemens.com/cs/ww/en/view/109972409/

Reference

https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Impacted products

Name
Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) <2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-41905"
    }
  },
  "description": "SINEC Traffic Analyzer\u662f\u4e00\u4e2a\u5185\u90e8\u90e8\u7f72\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u76d1\u63a7\u63a7\u5236\u5668\u548cIO\u8bbe\u5907\u4e4b\u95f4\u7684PNIO (PROFINET IO)\u901a\u4fe1\u3002\n\nSiemens SINEC Traffic Analyzer\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u4f4e\u6743\u9650\u7684\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109972409/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-35432",
  "openTime": "2024-08-14",
  "patchDescription": "SINEC Traffic Analyzer\u662f\u4e00\u4e2a\u5185\u90e8\u90e8\u7f72\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u76d1\u63a7\u63a7\u5236\u5668\u548cIO\u8bbe\u5907\u4e4b\u95f4\u7684PNIO (PROFINET IO)\u901a\u4fe1\u3002\r\n\r\nSiemens SINEC Traffic Analyzer\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u4f4e\u6743\u9650\u7684\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SINEC Traffic Analyzer\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) \u003c2.0"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-08-14",
  "title": "Siemens SINEC Traffic Analyzer\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2024-41905

Vulnerability from fkie_nvd - Published: 2024-08-13 08:15 - Updated: 2024-08-14 18:03

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-716317.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sinec_traffic_analyzer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8318FF-CCF9-4240-AAE3-7D220039EF32",
              "versionEndExcluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions \u003c V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege\u0027s to get access to sensitive information."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (Todas las versiones \u0026lt; V2.0). La aplicaci\u00f3n afectada no tiene control de acceso para acceder a los archivos. Esto podr\u00eda permitir que un atacante autenticado con privilegios bajos obtenga acceso a informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2024-41905",
  "lastModified": "2024-08-14T18:03:07.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-13T08:15:13.250",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7JF9-XQJC-725F

Vulnerability from github – Published: 2024-08-13 09:30 – Updated: 2024-08-13 09:30

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

7.6 (High)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-41905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T08:15:13Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions \u003c V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege\u0027s to get access to sensitive information.",
  "id": "GHSA-7jf9-xqjc-725f",
  "modified": "2024-08-13T09:30:52Z",
  "published": "2024-08-13T09:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41905"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2024-AVI-0672

Vulnerability from certfr_avis - Published: 2024-08-13 - Updated: 2024-08-16

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE M-800 versions antérieures à V8.1
Siemens	N/A	Teamcenter Visualization versions V14.2 antérieures à V14.2.0.12
Siemens	N/A	JT2Go versions antérieures à V2312.0005
Siemens	N/A	Teamcenter Visualization versions V2312 antérieures à V2312.0005
Siemens	N/A	INTRALOG WMS versions antérieures à V4
Siemens	N/A	LOGO! V8.3 BM (aucun correctif n'est prévu)
Siemens	N/A	SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions antérieures à V8.1
Siemens	N/A	SIPLUS LOGO! V8.3 BM (aucun correctif n'est prévu)
Siemens	N/A	SINEC NMS versions antérieures à V3.0
Siemens	N/A	Teamcenter Visualization versions V14.3 antérieures à V14.3.0.10
Siemens	N/A	COMOS versions antérieures à V10.5
Siemens	N/A	Location Intelligence family versions antérieures à V4.4
Siemens	N/A	SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions antérieures à V8.1
Siemens	N/A	SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions antérieures à V7.2.2
Siemens	N/A	NX versions antérieures à V2406.3000
Siemens	N/A	SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions antérieures à V7.2.2
Siemens	N/A	SCALANCE M-800 versions antérieures à V7.2.2
Siemens	N/A	SINEC Traffic Analyzer versions antérieures à V2.0

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-856475	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-357412	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-720392	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-921449	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-068047	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-784301	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-716317	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-659443	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-087301	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-417547	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE M-800 versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V14.2 ant\u00e9rieures \u00e0 V14.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V2312.0005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V2312 ant\u00e9rieures \u00e0 V2312.0005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "INTRALOG WMS versions ant\u00e9rieures \u00e0 V4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! V8.3 BM (aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS LOGO! V8.3 BM (aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V14.3 ant\u00e9rieures \u00e0 V14.3.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": " COMOS versions ant\u00e9rieures \u00e0 V10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence family versions ant\u00e9rieures \u00e0 V4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "NX versions ant\u00e9rieures \u00e0 V2406.3000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC Traffic Analyzer versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-41976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41976"
    },
    {
      "name": "CVE-2024-32635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32635"
    },
    {
      "name": "CVE-2024-41682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41682"
    },
    {
      "name": "CVE-2024-41906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41906"
    },
    {
      "name": "CVE-2023-44321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-32636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32636"
    },
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2024-41908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41908"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2024-41683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41683"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2024-41938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41938"
    },
    {
      "name": "CVE-2024-41978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41978"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2024-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0056"
    },
    {
      "name": "CVE-2023-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5180"
    },
    {
      "name": "CVE-2023-26495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26495"
    },
    {
      "name": "CVE-2024-41681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41681"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-30045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30045"
    },
    {
      "name": "CVE-2023-44320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
    },
    {
      "name": "CVE-2023-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
    },
    {
      "name": "CVE-2024-41905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41905"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-36398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36398"
    },
    {
      "name": "CVE-2023-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4611"
    },
    {
      "name": "CVE-2023-43622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43622"
    },
    {
      "name": "CVE-2023-45648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
    },
    {
      "name": "CVE-2024-41907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41907"
    },
    {
      "name": "CVE-2024-39922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39922"
    },
    {
      "name": "CVE-2024-41977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41977"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2024-41904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41904"
    },
    {
      "name": "CVE-2023-46120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2023-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2024-41940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41940"
    },
    {
      "name": "CVE-2023-42794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
    },
    {
      "name": "CVE-2024-32637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32637"
    },
    {
      "name": "CVE-2023-46280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46280"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2023-49692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
    },
    {
      "name": "CVE-2023-34050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34050"
    },
    {
      "name": "CVE-2023-46589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
    },
    {
      "name": "CVE-2023-39615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2024-41939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41939"
    },
    {
      "name": "CVE-2024-41941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41941"
    }
  ],
  "initial_release_date": "2024-08-13T00:00:00",
  "last_revision_date": "2024-08-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0672",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-13T00:00:00.000000"
    },
    {
      "description": "Ajout des identifiants CVE manquants.",
      "revision_date": "2024-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-856475",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-357412",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-357412.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-720392",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-921449",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-921449.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-068047",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-784301",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716317",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-659443",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-659443.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-087301",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-417547",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-417547.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-41905 (GCVE-0-2024-41905)

CNVD-2024-35432

FKIE_CVE-2024-41905

GHSA-7JF9-XQJC-725F

CERTFR-2024-AVI-0672

Solutions

Tags

Sightings

Nomenclature