CVE-2023-37482 - Vulnerability Details

Description

The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

Published: 2025-02-11

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

SIMATIC Drive Controller CPU 1504D TF

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC Drive Controller CPU 1507D TF

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1510SP F-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1510SP-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1512SP F-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1512SP-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1514SP F-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1514SP-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1514SPT F-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP CPU 1514SPT-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1200 CPU 1211C AC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1211C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1211C DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1212C AC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1212C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1212C DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1212FC DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1212FC DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1214C AC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1214C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1214C DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1214FC DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1214FC DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1215C AC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1215C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1215C DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1215FC DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1215FC DC/DC/Rly

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1200 CPU 1217C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIMATIC S7-1500 CPU 1511-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1511C-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1511F-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1511T-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1511TF-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1512C-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1513-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1513F-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1513pro F-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1513pro-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1513R-1 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1515-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1515F-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1515R-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1515T-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1515TF-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516F-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516pro F-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516pro-2 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516T-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1516TF-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517F-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517F-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517H-3 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517T-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1517TF-3 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518F-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518HF-4 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518T-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 CPU 1518TF-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIMATIC S7-1500 Software Controller CPU 1507S F V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller CPU 1507S V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller CPU 1508S F V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller CPU 1508S T V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller CPU 1508S TF V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller CPU 1508S V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-1500 Software Controller Linux V3

unknown

Version	Status	Constraints
`V30.1.0`	affected	< V31.1.4

Siemens

SIMATIC S7-PLCSIM Advanced

unknown

Version	Status	Constraints
`V6.0`	affected	< V7.0

Siemens

SIPLUS S7-1200 CPU 1212 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214FC DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1214FC DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 AC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215 DC/DC/RLY

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215C DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1200 CPU 1215FC DC/DC/DC

unknown

Version	Status	Constraints
`0`	affected	< V4.7

Siemens

SIPLUS S7-1500 CPU 1517H-3 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIPLUS S7-1500 CPU 1518-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIPLUS S7-1500 CPU 1518F-4 PN/DP

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

Siemens

SIPLUS S7-1500 CPU 1518HF-4 PN

unknown

Version	Status	Constraints
`V3.1.0`	affected	< V3.1.2

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-41369	The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00133.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-195895.html

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00035}`	epss `{'score': 0.00034}`

Tue, 11 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 11 Feb 2025 10:30:00 +0000

Type	Values Removed	Values Added
Description		The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
Weaknesses		CWE-203
References		https://cert-portal.siemens.com/productcert/html/ssa-195895.html
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-02-11T10:26:27.720Z

Updated: 2025-04-08T08:19:41.567Z

Reserved: 2023-07-06T14:15:23.961Z

Link: CVE-2023-37482

Vulnrichment

Updated: 2025-02-11T14:58:51.866Z

NVD

Status : Deferred

Published: 2025-02-11T11:15:11.427

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-37482

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-203

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object