CVE-2023-28829
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.4%
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These
services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | simatic_net_pc_software | 14.0 | cpe:2.3:a:siemens:simatic_net_pc_software:14.0:*:*:*:*:*:*:* |
| siemens | simatic_net_pc_software | 15.0 | cpe:2.3:a:siemens:simatic_net_pc_software:15.0:*:*:*:*:*:*:* |
| siemens | simatic_pcs_7 | 8.2 | cpe:2.3:a:siemens:simatic_pcs_7:8.2:-:*:*:*:*:*:* |
| siemens | simatic_pcs_7 | 9.0 | cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:* |
| siemens | simatic_pcs_7 | 9.1 | cpe:2.3:a:siemens:simatic_pcs_7:9.1:-:*:*:*:*:*:* |
| siemens | simatic_wincc | * | cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:* |
| siemens | sinaut_st7sc | * | cpe:2.3:a:siemens:sinaut_st7sc:*:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.4%