Siemens User Management Component (UMC)

🗓️ 12 Dec 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 50 Views

Siemens UMC product vulnerabilities, including permissive cross-domain policy, XSS, buffer overflow. CISA will no longer update ICS security advisories after Jan 10, 202

Reporter	Title	Published	Views	Family All 57
ATTACKERKB	CVE-2023-46284	12 Dec 202312:15	–	attackerkb
BDU FSTEC	The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – all of which are related to the failure to take measures to protect the website structure – allow attackers to execute arbitrary codes.	19 Dec 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – all of which are related to insufficient data validation – allow a malicious individual to trigger service failures.	19 Dec 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.	19 Dec 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.	19 Dec 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the UMC software product management components, including Opcenter Quality, SIMATIC PCS neo, SINUMERIK Integrate RunMyHMI/Automotive, Totally Integrated Automation Portal (TIA Portal), allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	5 Jan 202400:00	–	bdu_fstec
Circl	CVE-2023-46281	2 Jan 202412:11	–	circl
Circl	CVE-2023-46282	2 Jan 202412:41	–	circl
Circl	CVE-2023-46285	24 May 202510:45	–	circl
CNNVD	Siemens Opcenter Quality 安全漏洞	12 Dec 202300:00	–	cnnvd

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-999588.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-999588.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-348-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-348-03
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

12 Dec 2023 00:00Current

8High risk

Vulners AI Score8

CVSS 3.17.5 - 8.8

EPSS0.00216

SSVC