CVE-2023-25910

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server.

Overview

CVE ID
CVE-2023-25910

Assigner
siemens

Vulnerability Status
PUBLISHED

Published Version
2023-06-13T08:17:04.612Z

Last Modified Date
2024-05-15T07:23:34.211Z

Weakness Enumerations

CWE	URL
CWE-94	http://cwe.mitre.org/data/definitions/94.html

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf
https://cert-portal.siemens.com/productcert/html/ssa-968170.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-25910
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25910

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 17:38:21				Added to TrackCVE