CVE-2023-46283

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Overview

CVE ID
CVE-2023-46283

Assigner
siemens

Vulnerability Status
PUBLISHED

Published Version
2023-12-12T11:27:14.437Z

Last Modified Date
2024-05-15T07:23:45.646Z

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
https://cert-portal.siemens.com/productcert/html/ssa-999588.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46283
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46283

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 23:01:17				Added to TrackCVE