cvelistv5 - cve-2023-29054

CVE-2023-29054 (GCVE-0-2023-29054)

Vulnerability from cvelistv5

Published

2023-04-11 09:03

Modified

2025-02-07 16:49

Severity ?

6.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:U/RC:C

CWE

CWE-326 - Inadequate Encryption Strength

Summary

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf

Impacted products

Vendor

Product

Version

Siemens

SCALANCE X200-4P IRT

Version: All versions < V5.5.2

Siemens	SCALANCE X201-3P IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X201-3P IRT PRO	Version: All versions < V5.5.2
Siemens	SCALANCE X202-2IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X202-2IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X202-2P IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X202-2P IRT PRO	Version: All versions < V5.5.2
Siemens	SCALANCE X204IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X204IRT	Version: All versions < V5.5.2
Siemens	SCALANCE X204IRT PRO	Version: All versions < V5.5.2
Siemens	SCALANCE XF201-3P IRT	Version: All versions < V5.5.2
Siemens	SCALANCE XF202-2P IRT	Version: All versions < V5.5.2
Siemens	SCALANCE XF204-2BA IRT	Version: All versions < V5.5.2
Siemens	SCALANCE XF204IRT	Version: All versions < V5.5.2
Siemens	SIPLUS NET SCALANCE X202-2P IRT	Version: All versions < V5.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:14.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T16:49:12.465183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T16:49:26.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X204IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE X202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT (All versions \u003c V5.5.2), SCALANCE X201-3P IRT PRO (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT (All versions \u003c V5.5.2), SCALANCE X202-2P IRT PRO (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT (All versions \u003c V5.5.2), SCALANCE X204IRT PRO (All versions \u003c V5.5.2), SCALANCE XF201-3P IRT (All versions \u003c V5.5.2), SCALANCE XF202-2P IRT (All versions \u003c V5.5.2), SCALANCE XF204-2BA IRT (All versions \u003c V5.5.2), SCALANCE XF204IRT (All versions \u003c V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions \u003c V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over the connection between legitimate clients and the affected device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T09:03:08.813Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-29054",
    "datePublished": "2023-04-11T09:03:08.813Z",
    "dateReserved": "2023-03-30T12:04:26.539Z",
    "dateUpdated": "2025-02-07T16:49:26.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2023-AVI-0298

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1
Siemens	N/A	TIA Portal V18 versions antérieures à V18 Update 1
Siemens	N/A	TeleControl Server Basic V3
Siemens	N/A	Polarion ALM versions antérieures à V2304.0
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	TIA Portal V15, V16 et V17
Siemens	N/A	JT2Go versions antérieures à V14.2.0.2
Siemens	N/A	De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète
Siemens	N/A	SIMATIC S7-400 PN/DP CPU family
Siemens	N/A	Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1
Siemens	N/A	SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17
Siemens	N/A	SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53
Siemens	N/A	Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2
Siemens	N/A	JT Open versions antérieures à V11.3.2.0
Siemens	N/A	Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1
Siemens	N/A	JT Utilities versions antérieures à V13.3.0.0
Siemens	N/A	Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9
Siemens	N/A	OpenPCS 7 V9.1
Siemens	N/A	SIMATIC S7-300 CPU family versions antérieures à V3.X.18
Siemens	N/A	Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-699404 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-479249 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-572164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-691715 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-511182 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-566905 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-642810 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-603476 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-813746 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-629917 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-558014 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-322980 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-116924 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-632164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-472454 du 11 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TeleControl Server Basic V3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15, V16 et V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU family",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2023-28828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
    },
    {
      "name": "CVE-2016-8673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2023-28766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
    },
    {
      "name": "CVE-2021-27044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
    },
    {
      "name": "CVE-2022-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2023-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
    },
    {
      "name": "CVE-2023-28489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
    },
    {
      "name": "CVE-2022-43767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
    },
    {
      "name": "CVE-2022-44725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
    },
    {
      "name": "CVE-2023-29054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
    },
    {
      "name": "CVE-2023-23588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
    },
    {
      "name": "CVE-2021-46828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
    },
    {
      "name": "CVE-2016-8672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
    },
    {
      "name": "CVE-2023-26293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
    },
    {
      "name": "CVE-2022-40674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
    },
    {
      "name": "CVE-2022-43716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2022-43768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
    },
    {
      "name": "CVE-2023-27464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2023-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    }
  ],
  "initial_release_date": "2023-04-11T00:00:00",
  "last_revision_date": "2023-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0298",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-29054 (GCVE-0-2023-29054)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0298

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature