The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.

🗓️ 19 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Unchecked buffer size in Opcenter Quality, SIMATIC PCS neo, SINUMERIK Integrate RunMyHMI/Automotive, and Portal TIA may cause service failures.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2023-46284	12 Dec 202312:15	–	attackerkb
CNNVD	Siemens Opcenter Quality 缓冲区错误漏洞	12 Dec 202300:00	–	cnnvd
CNVD	Siemens User Management Component (UMC) Classic Buffer Overflow Vulnerability (CNVD-2023-97275)	13 Dec 202300:00	–	cnvd
CVE	CVE-2023-46284	12 Dec 202311:27	–	cve
Cvelist	CVE-2023-46284	12 Dec 202311:27	–	cvelist
EUVD	EUVD-2023-50509	3 Oct 202520:07	–	euvd
ICS	Siemens User Management Component (UMC)	12 Dec 202300:00	–	ics
NVD	CVE-2023-46284	12 Dec 202312:15	–	nvd
OSV	CVE-2023-46284	12 Dec 202312:15	–	osv
Prion	Design/Logic Flaw	12 Dec 202312:15	–	prion

Vulners

Node

siemens_ag tia_portalMatch14

OR

siemens_ag tia_portalMatch16

OR

siemens_ag tia_portalMatch15.1

OR

siemens_ag tia_portalMatch17

OR

siemens_ag simatic_pcs_neoRange<4.1

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2023-12-15.1.pdf
web	www.web.nvd.nist.gov/view/vuln/detail

19 Dec 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.00905

buffer size unchecked opcenter quality simatic pcs neo sinumerik integrate runmyhmi automotive portal tia