VDB
ICSA-23-017-03
ICSA-23-017-03
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Siemens has released a new version for SINEC INS that fixes multiple vulnerabilities that could allow an attacker to read and write arbitrary files from the file system of the affected component and to ultimately execute arbitrary code on the device. In addition, this version also contains fixes for multiple vulnerabilities in underlying third party components. Siemens has released an update for SINEC INS and recommends to update to the latest version.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SINEC INS |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/csaf/ssa-332410.json (circl)
- https://cert-portal.siemens.com/productcert/txt/ssa-332410.txt (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf (circl)
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-017-03.json (circl)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03 (circl)
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 (circl)
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (circl)
- https://www.cisa.gov/topics/industrial-control-systems (circl)
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf (circl)
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf (circl)
…and 2 more exploits
Timeline
- Jan 10, 2023 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-332410.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-332410.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-017-03.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109815432/ fix