CVE-2023-46285

🗓️ 12 Dec 2023 11:27:17Reported by siemensType

Vulnerability in Opcenter Quality, SIMATIC PCS neo, SINEC NMS, TIA Portal

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – all of which are related to insufficient data validation – allow a malicious individual to trigger service failures.	19 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-46285	24 May 202510:45	–	circl
CNNVD	Siemens Opcenter Quality 输入验证错误漏洞	12 Dec 202300:00	–	cnnvd
CNVD	Siemens User Management Component (UMC) Input Validation Improperity Vulnerability	13 Dec 202300:00	–	cnvd
CVE	CVE-2023-46285	12 Dec 202311:27	–	cve
EUVD	EUVD-2023-50510	3 Oct 202520:07	–	euvd
ICS	Siemens User Management Component (UMC)	12 Dec 202300:00	–	ics
NVD	CVE-2023-46285	12 Dec 202312:15	–	nvd
Prion	Input validation	12 Dec 202312:15	–	prion
Positive Technologies	PT-2023-7778 · Siemens · Opcenter Quality +4	12 Dec 202300:00	–	ptsecurity

[
  {
    "vendor": "Siemens",
    "product": "Opcenter Execution Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2407",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Opcenter Quality",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2312",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS neo",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SINEC NMS",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.0 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V14",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V16",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V17",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V17 Update 8",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Totally Integrated Automation Portal (TIA Portal) V18",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V18 Update 3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-999588.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf

14 Jan 2025 10:29Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.00213

CWE-20