CVE-2023-52891

July 9, 2024, 6:19 p.m.

CVSS Score

5.3 / 10

Product(s) Impacted

SIMATIC Energy Manager Basic

  • < V7.5

SIMATIC Energy Manager PRO

  • < V7.5

SIMATIC IPC DiagBase

SIMATIC IPC DiagMonitor

SIMIT V10

SIMIT V11

  • < V11.1

Unified Automation .NET based OPC UA Server SDK

  • before 3.2.2

Description

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). The Unified Automation .NET based OPC UA Server SDK before 3.2.2, as used in Siemens products, is affected by a vulnerability similar to the one documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to a high load situation and memory exhaustion, and may block the server.

Weaknesses

CWE-1325
Improperly Controlled Sequential Memory Allocation

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

CWE ID: 1325

Date

Published: July 9, 2024, 12:15 p.m.

Last Modified: July 9, 2024, 6:19 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

productcert@siemens.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

Base Score
5.3
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

https://cert-portal.siemens.com/ productcert@siemens.com