cvelistv5 - cve-2023-27464

CVE-2023-27464 (GCVE-0-2023-27464)

Vulnerability from cvelistv5

Published

2023-04-11 09:03

Modified

2025-02-07 16:50

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE

CWE-204 - Observable Response Discrepancy

Summary

A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information.

References

URL

CERTFR-2023-AVI-0298

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1
Siemens	N/A	TIA Portal V18 versions antérieures à V18 Update 1
Siemens	N/A	TeleControl Server Basic V3
Siemens	N/A	Polarion ALM versions antérieures à V2304.0
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	TIA Portal V15, V16 et V17
Siemens	N/A	JT2Go versions antérieures à V14.2.0.2
Siemens	N/A	De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète
Siemens	N/A	SIMATIC S7-400 PN/DP CPU family
Siemens	N/A	Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1
Siemens	N/A	SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17
Siemens	N/A	SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53
Siemens	N/A	Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2
Siemens	N/A	JT Open versions antérieures à V11.3.2.0
Siemens	N/A	Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1
Siemens	N/A	JT Utilities versions antérieures à V13.3.0.0
Siemens	N/A	Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9
Siemens	N/A	OpenPCS 7 V9.1
Siemens	N/A	SIMATIC S7-300 CPU family versions antérieures à V3.X.18
Siemens	N/A	Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-699404 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-479249 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-572164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-691715 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-511182 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-566905 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-642810 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-603476 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-813746 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-629917 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-558014 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-322980 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-116924 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-632164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-472454 du 11 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TeleControl Server Basic V3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15, V16 et V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU family",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2023-28828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
    },
    {
      "name": "CVE-2016-8673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2023-28766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
    },
    {
      "name": "CVE-2021-27044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
    },
    {
      "name": "CVE-2022-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2023-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
    },
    {
      "name": "CVE-2023-28489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
    },
    {
      "name": "CVE-2022-43767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
    },
    {
      "name": "CVE-2022-44725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
    },
    {
      "name": "CVE-2023-29054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
    },
    {
      "name": "CVE-2023-23588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
    },
    {
      "name": "CVE-2021-46828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
    },
    {
      "name": "CVE-2016-8672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
    },
    {
      "name": "CVE-2023-26293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
    },
    {
      "name": "CVE-2022-40674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
    },
    {
      "name": "CVE-2022-43716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2022-43768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
    },
    {
      "name": "CVE-2023-27464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2023-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    }
  ],
  "initial_release_date": "2023-04-11T00:00:00",
  "last_revision_date": "2023-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0298",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted