CVE-2023-52891

July 9, 2024, 6:19 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SIMATIC Energy Manager Basic

  • < V7.5

SIMATIC Energy Manager PRO

  • < V7.5

SIMATIC IPC DiagBase

SIMATIC IPC DiagMonitor

SIMIT V10

SIMIT V11

  • < V11.1

Unified Automation .NET based OPC UA Server SDK

  • before 3.2.2

Source

productcert@siemens.com

CVE-2023-52891 details

Published : July 9, 2024, 12:15 p.m.
Last Modified : July 9, 2024, 6:19 p.m.

Description

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). The Unified Automation .NET based OPC UA Server SDK before 3.2.2, as used in Siemens products, is affected by a vulnerability similar to the one documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to a high-load situation and memory exhaustion, and may block the server.

CVSS Score

5.3

Weakness

Weakness: CWE-1325
Name: Improperly Controlled Sequential Memory Allocation
Description: The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

Base Score

5.3

Exploitability Score

3.9

Impact Score

1.4

Base Severity

MEDIUM

References

URL: https://cert-portal.siemens.com/productcert/html/ssa-088132.html
Source: productcert@siemens.com