{ "id": "CVE-2023-50821", "sourceIdentifier": "productcert@siemens.com", "published": "2024-04-09T09:15:21.270", "lastModified": "2025-01-14T11:15:14.980", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC PCS 7 V9.1 (todas las versiones < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (todas las versiones), SIMATIC WinCC Runtime Professional V18 (todas las versiones < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (todas las versiones < V19 Update 1), SIMATIC WinCC V7.5 (todas las versiones < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (todas las versiones < V8.0 Update 5). Los productos afectados no validan correctamente la entrada proporcionada en el cuadro de di\u00e1logo de inicio de sesi\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para provocar una condici\u00f3n de denegaci\u00f3n de servicio persistente." } ], "metrics": { "cvssMetricV40": [ { "source": "productcert@siemens.com", "type": "Secondary", "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "safety": "NOT_DEFINED", "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED" } } ], "cvssMetricV31": [ { "source": "productcert@siemens.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.5, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "productcert@siemens.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-120" } ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-730482.html", "source": "productcert@siemens.com" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-730482.html", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }