CVE-2023-52891 - OpenCVE

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-088132.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-07-09T12:04:42.619Z

Updated: 2024-08-02T23:18:41.378Z

Reserved: 2024-06-21T15:06:40.772Z

Link: CVE-2023-52891

Vulnrichment

Updated: 2024-08-02T23:18:41.378Z

NVD

Status : Awaiting Analysis

Published: 2024-07-09T12:15:11.263

Modified: 2024-07-09T18:19:14.047

Link: CVE-2023-52891

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52891", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-06-21T15:06:40.772Z", "datePublished": "2024-07-09T12:04:42.619Z", "dateUpdated": "2024-08-02T23:18:41.378Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-07-09T12:04:42.619Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC Energy Manager Basic", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC Energy Manager PRO", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC DiagBase", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC DiagMonitor", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMIT V10", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMIT V11", "versions": [{"status": "affected", "version": "0", "lessThan": "V11.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "simatic_energy_manager_basic", "cpes": ["cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V7.5", "versionType": "custom"}]}, {"vendor": "siemens", "product": "simatic_energy_manager_pro", "cpes": ["cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V7.5", "versionType": "custom"}]}, {"vendor": "siemens", "product": "simatic_ipc_diagbase", "cpes": ["cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "siemens", "product": "simatic_ipc_diagmonitor", "cpes": ["cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "siemens", "product": "simit_v10", "cpes": ["cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "siemens", "product": "simit_v11", "cpes": ["cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V11.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T13:26:14.481281Z", "id": "CVE-2023-52891", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T13:41:12.246Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.378Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.378Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52891", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T13:26:14.481281Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_energy_manager_basic", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_energy_manager_pro", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_ipc_diagbase", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_ipc_diagmonitor", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simit_v10", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simit_v11", "versions": [{"status": "affected", "version": "0", "lessThan": "V11.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T13:28:22.147Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC Energy Manager Basic", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC Energy Manager PRO", "versions": [{"status": "affected", "version": "0", "lessThan": "V7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC DiagBase", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC IPC DiagMonitor", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMIT V10", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMIT V11", "versions": [{"status": "affected", "version": "0", "lessThan": "V11.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-07-09T12:04:42.619Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52891", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:18:41.378Z", "dateReserved": "2024-06-21T15:06:40.772Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-07-09T12:04:42.619Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC Energy Manager Basic (todas las versiones < V7.5), SIMATIC Energy Manager PRO (todas las versiones < V7.5), SIMATIC IPC DiagBase (todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMIT V10 (Todas las versiones), SIMIT V11 (Todas las versiones < V11.1). El SDK del servidor OPC UA basado en Unified Automation .NET anterior a 3.2.2 utilizado en productos Siemens se ve afectado por una vulnerabilidad similar a la documentada en CVE-2023-27321 para la implementaci\u00f3n del est\u00e1ndar OPC Foundation UA .NET. Un ataque exitoso puede provocar una situaci\u00f3n de carga elevada y agotamiento de la memoria, y puede bloquear el servidor."}], "id": "CVE-2023-52891", "lastModified": "2024-07-09T18:19:14.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-07-09T12:15:11.263", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1325"}], "source": "productcert@siemens.com", "type": "Secondary"}]}