CVE-2023-27465

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27465
A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa1\):-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa0\)_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa0\):-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d455-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simotion_p320-4_e_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_p320-4_e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simotion_p320-4_s_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_p320-4_s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d410-2_dp:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d410-2_dp\/pn:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:siemens:simotion_c240_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_c240_pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_c240_pn:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:siemens:simotion_c240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_c240_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_c240:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:52

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf - Patch, Vendor Advisory

05 Jul 2023, 17:48

Type Values Removed Values Added
CWE CWE-200
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.6
First Time Siemens simotion P320-4 E Firmware
Siemens simotion D425-2 Dp\/pn Firmware
Siemens simotion C240 Pn
Siemens simotion C240 Pn Firmware
Siemens simotion D445-2 Dp\/pn \(0aa1\) Firmware
Siemens simotion D410-2 Dp Firmware
Siemens simotion C240
Siemens simotion P320-4 S Firmware
Siemens simotion D410-2 Dp\/pn
Siemens simotion D445-2 Dp\/pn \(0aa1\)
Siemens simotion P320-4 E
Siemens simotion D425-2 Dp\/pn
Siemens simotion D445-2 Dp\/pn \(0aa0\) Firmware
Siemens simotion D410-2 Dp\/pn Firmware
Siemens
Siemens simotion D455-2 Dp\/pn
Siemens simotion D425-2 Dp Firmware
Siemens simotion D425-2 Dp
Siemens simotion D435-2 Dp\/pn
Siemens simotion D435-2 Dp Firmware
Siemens simotion D435-2 Dp
Siemens simotion D435-2 Dp\/pn Firmware
Siemens simotion C240 Firmware
Siemens simotion D445-2 Dp\/pn \(0aa0\)
Siemens simotion D410-2 Dp
Siemens simotion P320-4 S
Siemens simotion D455-2 Dp\/pn Firmware
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf - Patch, Vendor Advisory
CPE cpe:2.3:o:siemens:simotion_c240_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_c240_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_p320-4_e:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa1\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_c240:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa0\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_p320-4_s_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d410-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_p320-4_e_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa0\)_firmware:5.4:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_c240_pn:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d455-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d410-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d410-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_c240_pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_c240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_p320-4_s:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d455-2_dp\/pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:*:*:*:*:*:*:*:*

13 Jun 2023, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-13 09:15

Updated : 2024-11-21 07:52

NVD link : CVE-2023-27465

Mitre link : CVE-2023-27465

CVE.ORG link : CVE-2023-27465

JSON object : View

Products Affected

siemens

  • simotion_c240_pn_firmware
  • simotion_d425-2_dp_firmware
  • simotion_d435-2_dp\/pn_firmware
  • simotion_d445-2_dp\/pn_\(0aa0\)
  • simotion_p320-4_s
  • simotion_p320-4_e_firmware
  • simotion_d425-2_dp\/pn_firmware
  • simotion_p320-4_s_firmware
  • simotion_d455-2_dp\/pn
  • simotion_d410-2_dp
  • simotion_c240_firmware
  • simotion_d410-2_dp\/pn
  • simotion_d425-2_dp\/pn
  • simotion_d435-2_dp
  • simotion_d455-2_dp\/pn_firmware
  • simotion_c240_pn
  • simotion_d425-2_dp
  • simotion_c240
  • simotion_d445-2_dp\/pn_\(0aa1\)_firmware
  • simotion_p320-4_e
  • simotion_d435-2_dp\/pn
  • simotion_d410-2_dp_firmware
  • simotion_d445-2_dp\/pn_\(0aa1\)
  • simotion_d445-2_dp\/pn_\(0aa0\)_firmware
  • simotion_d410-2_dp\/pn_firmware
  • simotion_d435-2_dp_firmware
CWE
CWE-213

Exposure of Sensitive Information Due to Incompatible Policies

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024