CNVD-2023-97278 — Vulnetix

CNVD-2023-97278 PUBLISHED CVSS 7.099999904632568 HIGH

Opcenter Quality是一种质量管理体系（QMS），使组织能够通过提高流程稳定性来保障合规性、优化质量、降低缺陷和返工成本并实现卓越运营。SIMATIC PCS neo是一种分布式控制系统（DCS）。SINUMERIK集成产品套件有助于在生产环境的IT中实现机床的简单联网。Totally Integrated Automation Portal (TIA Portal)是一款PC软件，可提供西门子数字化自动化服务的完整范围，从数字规划、集成工程到透明操作。User Management Component (UMC) 是一个集成组件，可实现对用户的全系统集中维护。 Siemens User Management Component (UMC)存在未明漏洞，攻击者可利用该漏洞欺骗合法用户以触发不必要的行为。

Risk Scores

CVSS 3.1

7.099999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Siemens	Totally Integrated Automation Portal (TIA Portal) V16	0
Siemens	Opcenter Quality	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V15.1	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V17	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V18	0
Siemens	SINEC NMS	0
Siemens	SIMATIC PCS neo	0
Siemens	Opcenter Execution Foundation	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V14	0

Exploit Intelligence

CIRCL seen: CVE-2023-46281 (circl-sighting)
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf (circl)
https://cert-portal.siemens.com/productcert/html/ssa-999588.html (circl)

Timeline

Dec 11, 2023 CVE Published
Jan 2, 2024 PoC Published

References

Open in Interactive Console →