{ "id": "CVE-2023-27465", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:16.557", "lastModified": "2023-07-05T17:48:25.550", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 3.6 }, { "source": "productcert@siemens.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] }, { "source": "productcert@siemens.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-213" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d425-2_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFD83F3F-CF11-44D9-8F9C-0B8D33BC3481" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "0A65B54E-FE29-4352-8BA4-60C2F23F87F8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "B6979F0F-FA12-422F-938D-0C84D39F69E9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d425-2_dp\\/pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A007F9C-B6E3-4606-A7C2-B78E5F51C9BF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d425-2_dp\\/pn_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "50C77E0A-9C5D-43EA-9157-C94CF4ACBE98" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d425-2_dp\\/pn_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "35BA3146-E138-48C5-BAFB-36FF795C8591" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "848DE61E-A4F9-4368-82AB-EA6FCD369EDB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "EC2302CA-AD84-4FE8-98EA-7764A5B8978B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d435-2_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "80932D46-6182-4B9D-9A66-BC381052DBF8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d435-2_dp\\/pn_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "FE2ACB98-373C-471C-B5A7-8D1BE59BBDA7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d435-2_dp\\/pn_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "AB781258-8A47-4388-A115-68ACF6CFD420" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d435-2_dp\\/pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "3371CB24-AB41-44C7-93B7-78E2BD171D42" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d445-2_dp\\/pn_\\(0aa1\\)_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "B9B8C9F9-9474-4153-8CCA-60308E13543D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d445-2_dp\\/pn_\\(0aa1\\)_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "117C8E63-C09D-412C-9B68-F2C72A8CCEDD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d445-2_dp\\/pn_\\(0aa1\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "DC9044F0-7E54-4C66-8613-A440B71D9D0D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d445-2_dp\\/pn_\\(0aa0\\)_firmware:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B9D8FBD-E8E7-43E1-922F-973851E0D160" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d445-2_dp\\/pn_\\(0aa0\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "05D488BB-E0B5-46DF-B303-98524A39EEC2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d455-2_dp\\/pn_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "9CB06BE4-AA5C-4367-B34F-BB3FC17B9470" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d455-2_dp\\/pn_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "995B8740-C501-4448-9D22-4D115FAAE543" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d455-2_dp\\/pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "53FBAAA1-4012-463D-864B-C7BEAE15093E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_p320-4_e:-:*:*:*:*:*:*:*", "matchCriteriaId": "80DFB571-E3FA-44AA-B81C-AC7E13FFCB01" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_p320-4_e_firmware:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C90B0F9-BBC8-417E-98FD-30BC069E769D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_p320-4_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4849FE93-67D0-496F-B47D-5035FF902540" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_p320-4_s_firmware:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D49AFE41-D93E-4488-A5CB-AC48BB5921D6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d410-2_dp:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2899391-D29A-4C95-A795-1B7EADCDF799" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "91C51B40-4344-4796-AF7B-9F85D255A113" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "E2E25B36-BB4D-40B6-91A2-FC344E063B45" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_d410-2_dp\\/pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6C5013B-BE8F-4635-9F7E-006EE737A4A0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d410-2_dp\\/pn_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "52950381-7B46-46F7-9B44-0313EA47EA87" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_d410-2_dp\\/pn_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "BFA771D3-A08F-4690-853D-F07B47EC83AE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_c240_pn:-:*:*:*:*:*:*:*", "matchCriteriaId": "2355A13D-6E84-4F35-8BE6-223C086E3719" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_c240_pn_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "625A4A2B-37BB-4534-B1DD-3B18862F97BC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_c240_pn_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "2BE0D94D-FFF4-4913-9376-A3389579CC70" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simotion_c240:-:*:*:*:*:*:*:*", "matchCriteriaId": "48B461ED-4B04-4EC2-B88E-F50D53509B1D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_c240_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.5", "matchCriteriaId": "94035BD3-584A-4F93-A9AB-75A32F1628E2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simotion_c240_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "6E8FF00E-5125-4CD8-BD83-9F595ABA3B11" } ] } ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf", "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }