cvelistv5 - cve-2023-35796

CVE-2023-35796 (GCVE-0-2023-35796)

Vulnerability from cvelistv5

Published

2023-10-10 10:21

Modified

2024-09-19 14:28

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)

References

URL

	Vendor	Product	Version
	Siemens	SINEMA Server V14	Version: All versions

CERTFR-2023-AVI-0819

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINEC NMS versions antérieures à V2.0
Siemens	N/A	SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) versions antérieures à V8.10.0.6
Siemens	N/A	Simcenter Amesim versions antérieures à V2021.1
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.3
Siemens	N/A	Mendix Forgot Password (Mendix 10 compatible) versions antérieures à V5.4.0
Siemens	N/A	SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) versions antérieures à V8.10.0.6
Siemens	N/A	Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0009
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.4.0
Siemens	N/A	Parasolid V35.1 versions antérieures à V35.1.250
Siemens	N/A	SIMATIC WinCC OA V3.19 versions antérieures à V3.19 P005
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05.11
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05.11 (uniquement avec le support debug activé)
Siemens	N/A	Parasolid V36.0 versions antérieures à V36.0.169
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P029
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05.11
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.3
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05.11 (uniquement avec le support debug activé)
Siemens	N/A	SICAM PAS/PQS versions supérieures ou égales à V8.00 versions antérieures à V8.22
Siemens	N/A	SIMATIC WinCC OA V3.18 versions antérieures à V3.18 P019
Siemens	N/A	Parasolid V35.0 versions antérieures à V35.0.262
Siemens	N/A	Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0003
Siemens	N/A	SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) versions antérieures à V8.10.0.6
Siemens	N/A	Xpedition Layout Browser versions antérieures à VX.2.14

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-160243 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-386812 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-843070 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-829656 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-647455 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-295483 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-711309 du 12 septembre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-524778 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-784849 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-134651 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-770890 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-035466 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-594373 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Amesim versions ant\u00e9rieures \u00e0 V2021.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 10 compatible) versions ant\u00e9rieures \u00e0 V5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0009",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.250",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 V3.19 P005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11 (uniquement avec le support debug activ\u00e9)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.169",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P029",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11 (uniquement avec le support debug activ\u00e9)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.00 versions ant\u00e9rieures \u00e0 V8.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.18 versions ant\u00e9rieures \u00e0 V3.18 P019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.262",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Xpedition Layout Browser versions ant\u00e9rieures \u00e0 VX.2.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44081"
    },
    {
      "name": "CVE-2023-22788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22788"
    },
    {
      "name": "CVE-2023-30900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30900"
    },
    {
      "name": "CVE-2023-22783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22783"
    },
    {
      "name": "CVE-2022-30527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30527"
    },
    {
      "name": "CVE-2023-44083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44083"
    },
    {
      "name": "CVE-2023-22785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22785"
    },
    {
      "name": "CVE-2023-45204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45204"
    },
    {
      "name": "CVE-2023-44315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44315"
    },
    {
      "name": "CVE-2023-44086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44086"
    },
    {
      "name": "CVE-2023-45205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45205"
    },
    {
      "name": "CVE-2023-44082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44082"
    },
    {
      "name": "CVE-2023-44084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44084"
    },
    {
      "name": "CVE-2023-37195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37195"
    },
    {
      "name": "CVE-2023-35796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35796"
    },
    {
      "name": "CVE-2023-44085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44085"
    },
    {
      "name": "CVE-2023-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22784"
    },
    {
      "name": "CVE-2023-23903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23903"
    },
    {
      "name": "CVE-2023-22378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22378"
    },
    {
      "name": "CVE-2023-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22781"
    },
    {
      "name": "CVE-2023-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22789"
    },
    {
      "name": "CVE-2023-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22790"
    },
    {
      "name": "CVE-2023-22843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22843"
    },
    {
      "name": "CVE-2023-24471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24471"
    },
    {
      "name": "CVE-2023-38640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38640"
    },
    {
      "name": "CVE-2023-24477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24477"
    },
    {
      "name": "CVE-2023-22787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22787"
    },
    {
      "name": "CVE-2023-36380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36380"
    },
    {
      "name": "CVE-2023-42796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42796"
    },
    {
      "name": "CVE-2023-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22791"
    },
    {
      "name": "CVE-2023-43625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43625"
    },
    {
      "name": "CVE-2023-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22780"
    },
    {
      "name": "CVE-2023-22786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22786"
    },
    {
      "name": "CVE-2023-43623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43623"
    },
    {
      "name": "CVE-2023-24015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24015"
    },
    {
      "name": "CVE-2023-23574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23574"
    },
    {
      "name": "CVE-2023-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22779"
    },
    {
      "name": "CVE-2023-44087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44087"
    },
    {
      "name": "CVE-2023-37194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37194"
    },
    {
      "name": "CVE-2023-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22782"
    },
    {
      "name": "CVE-2023-45601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45601"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0819",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-160243 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-035466.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-386812 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-386812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-843070 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-843070.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-829656 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-594373.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647455 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-134651.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-295483 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-647455.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-711309 du 12 septembre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-711309.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-524778 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-784849 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-295483.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-134651 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-524778.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770890 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-829656.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-035466 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-770890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-594373 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-784849.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted