{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-46280","assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","state":"PUBLISHED","assignerShortName":"siemens","dateReserved":"2023-10-20T08:02:52.794Z","datePublished":"2024-05-14T10:01:52.069Z","dateUpdated":"2024-12-10T13:53:28.579Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2024-12-10T13:53:28.579Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."}],"affected":[{"vendor":"Siemens","product":"Security Configuration Tool (SCT)","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC Automation Tool","versions":[{"status":"affected","version":"0","lessThan":"V5.0 SP2","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC BATCH V9.1","versions":[{"status":"affected","version":"0","lessThan":"V9.1 SP2 Upd5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC NET PC Software V16","versions":[{"status":"affected","version":"0","lessThan":"V16 Update 8","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC NET PC Software V17","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC NET PC Software V18","versions":[{"status":"affected","version":"0","lessThan":"V18 SP1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC NET PC Software V19","versions":[{"status":"affected","version":"0","lessThan":"V19 Update 2","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC PCS 7 V9.1","versions":[{"status":"affected","version":"0","lessThan":"V9.1 SP2 UC05","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC PDM V9.2","versions":[{"status":"affected","version":"0","lessThan":"V9.2 SP2 Upd3","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC Route Control V9.1","versions":[{"status":"affected","version":"0","lessThan":"V9.1 SP2 Upd3","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-PCT","versions":[{"status":"affected","version":"0","lessThan":"V3.5 SP3 Update 6","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC STEP 7 V5","versions":[{"status":"affected","version":"0","lessThan":"V5.7 SP3","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC OA V3.17","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC OA V3.18","versions":[{"status":"affected","version":"0","lessThan":"V3.18 P025","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC OA V3.19","versions":[{"status":"affected","version":"0","lessThan":"V3.19 P010","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Advanced","versions":[{"status":"affected","version":"0","lessThan":"V17 Update 8","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V16","versions":[{"status":"affected","version":"0","lessThan":"V16 Update 6","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V17","versions":[{"status":"affected","version":"0","lessThan":"V17 Update 8","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V18","versions":[{"status":"affected","version":"0","lessThan":"V18 Update 4","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V19","versions":[{"status":"affected","version":"0","lessThan":"V19 Update 2","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC V7.4","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC V7.5","versions":[{"status":"affected","version":"0","lessThan":"V7.5 SP2 Update 17","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC WinCC V8.0","versions":[{"status":"affected","version":"0","lessThan":"V8.0 Update 5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SINAMICS Startdrive","versions":[{"status":"affected","version":"0","lessThan":"V19 SP1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SINEC NMS","versions":[{"status":"affected","version":"0","lessThan":"V3.0","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SINEC NMS","versions":[{"status":"affected","version":"0","lessThan":"V3.0 SP1","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SINUMERIK ONE virtual","versions":[{"status":"affected","version":"0","lessThan":"V6.23","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SINUMERIK PLC Programming Tool","versions":[{"status":"affected","version":"0","lessThan":"V3.3.12","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"TIA Portal Cloud Connector","versions":[{"status":"affected","version":"0","lessThan":"V2.0","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V15.1","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V16","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V17","versions":[{"status":"affected","version":"0","lessThan":"V17 Update 8","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V18","versions":[{"status":"affected","version":"0","lessThan":"V18 Update 4","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V19","versions":[{"status":"affected","version":"0","lessThan":"V19 Update 2","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C","baseScore":6.5,"baseSeverity":"MEDIUM"}},{"cvssV4_0":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","baseScore":8.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-125","description":"CWE-125: Out-of-bounds Read","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-784301.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-331112.html"}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-46280","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-29T14:20:28.448026Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:22:08.819Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:37:40.324Z"},"title":"CVE Program Container","references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html","tags":["x_transferred"]}]}]}}