CVE-2023-51440 - Vulnerability Details

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00339.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Cp 343-1 Simatic Cp 343-1 Firmware Simatic Cp 343-1 Lean Simatic Cp 343-1 Lean Firmware Siplus Net Cp 343-1 Siplus Net Cp 343-1 Firmware Siplus Net Cp 343-1 Lean Siplus Net Cp 343-1 Lean Firmware

Configuration 1 [-]

AND

cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-516818.html

History

Mon, 16 Dec 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens simatic Cp 343-1 Siemens simatic Cp 343-1 Firmware Siemens simatic Cp 343-1 Lean Siemens simatic Cp 343-1 Lean Firmware
CPEs	cpe:2.3:h:siemens:cp_343-1:-:::::::* cpe:2.3:h:siemens:cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:cp_343-1_firmware:::::::: cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:::::::*	cpe:2.3:h:siemens:simatic_cp_343-1:-:::::::* cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:simatic_cp_343-1_firmware:::::::: cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:-:::::::*
Vendors & Products	Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware	Siemens simatic Cp 343-1 Siemens simatic Cp 343-1 Firmware Siemens simatic Cp 343-1 Lean Siemens simatic Cp 343-1 Lean Firmware

Fri, 18 Oct 2024 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Siemens siplus Net Cp 343-1 Firmware Siemens siplus Net Cp 343-1 Lean Siemens siplus Net Cp 343-1 Lean Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:siemens:cp_343-1:-:::::::* cpe:2.3:h:siemens:cp_343-1_lean:-:::::::* cpe:2.3:h:siemens:siplus_net_cp_343-1:-:::::::* cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:cp_343-1_firmware:::::::: cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:::::::*
Vendors & Products		Siemens Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Siemens siplus Net Cp 343-1 Firmware Siemens siplus Net Cp 343-1 Lean Siemens siplus Net Cp 343-1 Lean Firmware

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-02-13T09:00:04.702Z

Updated: 2024-08-02T22:32:10.181Z

Reserved: 2023-12-19T12:49:24.031Z

Link: CVE-2023-51440

Vulnrichment

Updated: 2024-08-02T22:32:10.181Z

NVD

Status : Analyzed

Published: 2024-02-13T09:15:46.830

Modified: 2024-12-16T15:17:29.160

Link: CVE-2023-51440

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object