CNVD-2023-97279 — Vulnetix

CNVD-2023-97279 PUBLISHED CVSS 7.5 HIGH

Opcenter Quality是一种质量管理体系（QMS），使组织能够通过提高流程稳定性来保障合规性、优化质量、降低缺陷和返工成本并实现卓越运营。SIMATIC PCS neo是一种分布式控制系统（DCS）。SINUMERIK集成产品套件有助于在生产环境的IT中实现机床的简单联网。Totally Integrated Automation Portal (TIA Portal)是一款PC软件，可提供西门子数字化自动化服务的完整范围，从数字规划、集成工程到透明操作。User Management Component (UMC) 是一个集成组件，可实现对用户的全系统集中维护。 Siemens User Management Component (UMC)存在输入验证不当漏洞，攻击者可利用该漏洞通过向4004/tcp发送特制的消息，使服务进入拒绝服务状态。

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Siemens	Totally Integrated Automation Portal (TIA Portal) V18	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V17	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V14	0
Siemens	SIMATIC PCS neo	0
Siemens	Opcenter Execution Foundation	0
Siemens	SINEC NMS	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V16	0
Siemens	Totally Integrated Automation Portal (TIA Portal) V15.1	0
Siemens	Opcenter Quality	0

Exploit Intelligence

CIRCL seen: CVE-2023-46285 (circl-sighting)
https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf (circl)
https://cert-portal.siemens.com/productcert/html/ssa-999588.html (circl)

Timeline

Dec 11, 2023 CVE Published
May 24, 2025 PoC Published

References

Open in Interactive Console →