CVE-2023-51440

{"id": "CVE-2023-51440", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-13T09:15:46.830", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-940"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en: \nSIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (todas las versiones), \nSIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (todas las versiones), \nSIPLUS NET CP 343-1 (6AG1343- 1EX30-7XE0) (todas las versiones), \nSIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (todas las versiones). \nLos productos afectados validan incorrectamente los n\u00fameros de secuencia TCP. Esto podr\u00eda permitir que un atacante remoto no autenticado cree una condici\u00f3n de denegaci\u00f3n de servicio inyectando paquetes TCP RST falsificados."}], "lastModified": "2024-10-18T17:19:23.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_343-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBBA47B-610F-4226-83DB-D9D246D12274"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_343-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7750ADFE-975A-4996-97AF-564E92DBC2E1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFF3729-82F1-42AD-AE58-D0E5216E7148"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_343-1_lean:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "482D477B-0087-4531-9B69-0B3E13BE608C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5941347-0E16-41D1-BC6C-4FC62916F20F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C04E90BF-FA49-40B2-AEA2-A64A6E5A8B77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98B87B82-1949-498F-A922-8DF26B9F6414"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31A4A9A6-25FF-4FEF-8081-E827CCC87FAF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}