The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.

🗓️ 19 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Buffer size check bypass in Opcenter Quality, SIMATIC PCS neo, SINUMERIK Integrate RunMyHMI Automotive, and Portal Totally Integrated Automation causes service failures.

Reporter	Title	Published	Views	Family All 10
CNNVD	Siemens Opcenter Quality 安全漏洞	12 Dec 202300:00	–	cnnvd
CNVD	Siemens User Management Component (UMC) Classic Buffer Overflow Vulnerability	13 Dec 202300:00	–	cnvd
CVE	CVE-2023-46283	12 Dec 202311:27	–	cve
Cvelist	CVE-2023-46283	12 Dec 202311:27	–	cvelist
EUVD	EUVD-2023-50508	3 Oct 202520:07	–	euvd
ICS	Siemens User Management Component (UMC)	12 Dec 202300:00	–	ics
NVD	CVE-2023-46283	12 Dec 202312:15	–	nvd
OSV	CVE-2023-46283	12 Dec 202312:15	–	osv
Prion	Design/Logic Flaw	12 Dec 202312:15	–	prion
Positive Technologies	PT-2023-7779 · Siemens · Opcenter Quality +4	12 Dec 202300:00	–	ptsecurity

Vulners

Node

siemens_ag tia_portalMatch14

siemens_ag tia_portalMatch16

siemens_ag tia_portalMatch15.1

siemens_ag tia_portalMatch17

siemens_ag simatic_pcs_neoRange<4.1

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2023-12-15.1.pdf
web	www.web.nvd.nist.gov/view/vuln/detail

19 Dec 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.00905