CVE-2023-48363

🗓️ 13 Feb 2024 08:59:55Reported by siemensType

Vulnerability in OpenPCS 7, SIMATIC Batch, SIMATIC PCS 7, SIMATIC Route Control, SIMATIC WinCC in multiple versions. RPC protocol implementation allows denial of service

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-48363	13 Feb 202410:21	–	circl
CNNVD	Siemens SIMATIC WinCC和Siemens SIMATIC PCS 代码问题漏洞	13 Feb 202400:00	–	cnnvd
CNVD	Multiple Siemens Products Null Pointer Dereference Vulnerability	21 Feb 202400:00	–	cnvd
Cvelist	CVE-2023-48363	13 Feb 202408:59	–	cvelist
EUVD	EUVD-2023-52417	3 Oct 202520:07	–	euvd
ICS	Siemens SIMATIC WinCC, OpenPCS	13 Feb 202400:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	13 Feb 202400:00	–	ncsc
NVD	CVE-2023-48363	13 Feb 202409:15	–	nvd
OSV	CVE-2023-48363	13 Feb 202409:15	–	osv
Prion	Design/Logic Flaw	13 Feb 202409:15	–	prion

NVD

Node

siemens openpcs_7Range≤9.1

siemens simatic_batchRange≤9.1

siemens simatic_pcs_7Range≤9.1

siemens simatic_route_controlRange≤9.1

siemens simatic_winccMatch7.4

siemens simatic_winccMatch7.5

siemens simatic_winccMatch8.0

siemens simatic_wincc_runtime_professionalRange≤18

siemens simatic_wincc_runtime_professionalMatch19

[
  {
    "vendor": "Siemens",
    "product": "OpenPCS 7 V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC BATCH V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS 7 V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V9.1 SP2 UC05",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Route Control V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC Runtime Professional V18",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V18 Update 4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC Runtime Professional V19",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V19 Update 2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.4",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.5",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.5 SP2 Update 15",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V8.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.0 Update 4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-753746.html

21 Nov 2024 08:31Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.5

CVSS 47.1

EPSS0.00094

SSVC

CWE-476

cve-2023-48363 vulnerability openpcs 7 simatic batch simatic pcs 7 simatic route control simatic wincc rpc protocol denial of service