CVE-2023-27465 - OpenCVE

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simotion C240 Simotion C240 Firmware Simotion C240 Pn Simotion C240 Pn Firmware Simotion D410-2 Dp Simotion D410-2 Dp\/pn Simotion D410-2 Dp\/pn Firmware Simotion D410-2 Dp Firmware Simotion D425-2 Dp Simotion D425-2 Dp\/pn Simotion D425-2 Dp\/pn Firmware Simotion D425-2 Dp Firmware Simotion D435-2 Dp Simotion D435-2 Dp\/pn Simotion D435-2 Dp\/pn Firmware Simotion D435-2 Dp Firmware Simotion D445-2 Dp\/pn \(0aa0\) Simotion D445-2 Dp\/pn \(0aa0\) Firmware Simotion D445-2 Dp\/pn \(0aa1\) Simotion D445-2 Dp\/pn \(0aa1\) Firmware Simotion D455-2 Dp\/pn Simotion D455-2 Dp\/pn Firmware Simotion P320-4 E Simotion P320-4 E Firmware Simotion P320-4 S Simotion P320-4 S Firmware

Configuration 1 [-]

AND

cpe:2.3:h:siemens:simotion_d425-2_dp:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_d425-2_dp_firmware::::::::
	cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:5.5:-::::::

Configuration 2 [-]

AND

cpe:2.3:h:siemens:simotion_d425-2_dp\/pn:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware::::::::
	cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:5.5:-::::::

Configuration 3 [-]

AND

OR	cpe:2.3:o:siemens:simotion_d435-2_dp_firmware::::::::
	cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:5.5:-::::::

cpe:2.3:h:siemens:simotion_d435-2_dp:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware::::::::
	cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:5.5:-::::::

cpe:2.3:h:siemens:simotion_d435-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware::::::::
	cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:5.5:-::::::

cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa1\):-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa0\)_firmware:5.4:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa0\):-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware::::::::
	cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware:5.5:-::::::

cpe:2.3:h:siemens:simotion_d455-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:siemens:simotion_p320-4_e:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simotion_p320-4_e_firmware:5.4:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:siemens:simotion_p320-4_s:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simotion_p320-4_s_firmware:5.4:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:siemens:simotion_d410-2_dp:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_d410-2_dp_firmware::::::::
	cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:5.5:-::::::

Configuration 11 [-]

AND

cpe:2.3:h:siemens:simotion_d410-2_dp\/pn:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware::::::::
	cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware:5.5:-::::::

Configuration 12 [-]

AND

cpe:2.3:h:siemens:simotion_c240_pn:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_c240_pn_firmware::::::::
	cpe:2.3:o:siemens:simotion_c240_pn_firmware:5.5:-::::::

Configuration 13 [-]

AND

cpe:2.3:h:siemens:simotion_c240:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:siemens:simotion_c240_firmware::::::::
	cpe:2.3:o:siemens:simotion_c240_firmware:5.5:-::::::

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-06-13T08:17:06.765Z

Updated: 2024-08-02T12:09:43.410Z

Reserved: 2023-03-01T17:29:31.289Z

Link: CVE-2023-27465

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-13T09:15:16.557

Modified: 2023-07-05T17:48:25.550

Link: CVE-2023-27465

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object