Lucene search

K
cve[email protected]CVE-2023-27465
HistoryJun 13, 2023 - 9:15 a.m.

CVE-2023-27465

2023-06-1309:15:16
CWE-213
CWE-200
web.nvd.nist.gov
13
cve-2023-27465
simotion
vulnerability
unauthenticated access
debugging services
nvd
technology object configuration
security level low

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

Affected configurations

NVD
Node
siemenssimotion_d425-2_dpMatch-
AND
siemenssimotion_d425-2_dp_firmwareRange5.45.5
OR
siemenssimotion_d425-2_dp_firmwareMatch5.5-
Node
siemenssimotion_d425-2_dp\/pnMatch-
AND
siemenssimotion_d425-2_dp\/pn_firmwareRange5.45.5
OR
siemenssimotion_d425-2_dp\/pn_firmwareMatch5.5-
Node
siemenssimotion_d435-2_dp_firmwareRange5.45.5
OR
siemenssimotion_d435-2_dp_firmwareMatch5.5-
AND
siemenssimotion_d435-2_dpMatch-
Node
siemenssimotion_d435-2_dp\/pn_firmwareRange5.45.5
OR
siemenssimotion_d435-2_dp\/pn_firmwareMatch5.5-
AND
siemenssimotion_d435-2_dp\/pnMatch-
Node
siemenssimotion_d445-2_dp\/pn_\(0aa1\)_firmwareRange5.45.5
OR
siemenssimotion_d445-2_dp\/pn_\(0aa1\)_firmwareMatch5.5-
AND
siemenssimotion_d445-2_dp\/pn_\(0aa1\)Match-
Node
siemenssimotion_d445-2_dp\/pn_\(0aa0\)_firmwareMatch5.4
AND
siemenssimotion_d445-2_dp\/pn_\(0aa0\)Match-
Node
siemenssimotion_d455-2_dp\/pn_firmwareRange5.45.5
OR
siemenssimotion_d455-2_dp\/pn_firmwareMatch5.5-
AND
siemenssimotion_d455-2_dp\/pnMatch-
Node
siemenssimotion_p320-4_eMatch-
AND
siemenssimotion_p320-4_e_firmwareMatch5.4
Node
siemenssimotion_p320-4_sMatch-
AND
siemenssimotion_p320-4_s_firmwareMatch5.4
Node
siemenssimotion_d410-2_dpMatch-
AND
siemenssimotion_d410-2_dp_firmwareRange5.45.5
OR
siemenssimotion_d410-2_dp_firmwareMatch5.5-
Node
siemenssimotion_d410-2_dp\/pnMatch-
AND
siemenssimotion_d410-2_dp\/pn_firmwareRange5.45.5
OR
siemenssimotion_d410-2_dp\/pn_firmwareMatch5.5-
Node
siemenssimotion_c240_pnMatch-
AND
siemenssimotion_c240_pn_firmwareRange5.45.5
OR
siemenssimotion_c240_pn_firmwareMatch5.5-
Node
siemenssimotion_c240Match-
AND
siemenssimotion_c240_firmwareRange5.45.5
OR
siemenssimotion_c240_firmwareMatch5.5-

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMOTION C240",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION C240 PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D410-2 DP",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D410-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D425-2 DP",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D425-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D435-2 DP",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D435-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D445-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D445-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION D455-2 DP/PN",
    "versions": [
      {
        "version": "All versions >= V5.4 < V5.5 SP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION P320-4 E",
    "versions": [
      {
        "version": "All versions >= V5.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTION P320-4 S",
    "versions": [
      {
        "version": "All versions >= V5.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

Related for CVE-2023-27465