CVE-2023-52891

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-088132.html
https://cert-portal.siemens.com/productcert/html/ssa-088132.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-09 12:15

Updated : 2024-11-21 08:40

NVD link : CVE-2023-52891

Mitre link : CVE-2023-52891

CVE.ORG link : CVE-2023-52891

JSON object : View

Products Affected

No product.

CWE

CWE-1325

Improperly Controlled Sequential Memory Allocation

{"id": "CVE-2023-52891", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-09T12:15:11.263", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-1325"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC Energy Manager Basic (todas las versiones < V7.5), SIMATIC Energy Manager PRO (todas las versiones < V7.5), SIMATIC IPC DiagBase (todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMIT V10 (Todas las versiones), SIMIT V11 (Todas las versiones < V11.1). El SDK del servidor OPC UA basado en Unified Automation .NET anterior a 3.2.2 utilizado en productos Siemens se ve afectado por una vulnerabilidad similar a la documentada en CVE-2023-27321 para la implementaci\u00f3n del est\u00e1ndar OPC Foundation UA .NET. Un ataque exitoso puede provocar una situaci\u00f3n de carga elevada y agotamiento de la memoria, y puede bloquear el servidor."}], "lastModified": "2024-11-21T08:40:48.800", "sourceIdentifier": "productcert@siemens.com"}