CVE-2023-37482
published 2025-02-11
medium · 6.9 · CVSS 4.0
AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
Affected
92 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_drive_controller_cpu_1504d_tf | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_drive_controller_cpu_1507d_tf | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1510sp-1_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1510sp_f-1_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1512sp-1_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1512sp_f-1_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1514sp-2_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1514sp_f-2_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1514spt-2_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_cpu_1514spt_f-2_pn | >= V3.1.0 < V3.1.2 | V3.1.2 |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2 | >= V30.1.0 < V31.1.4 | V31.1.4 |
| siemens | simatic_s7-1200_cpu_1211c_ac_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1211c_dc_dc_dc | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1211c_dc_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1212c_ac_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1212c_dc_dc_dc | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1212c_dc_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1212fc_dc_dc_dc | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1212fc_dc_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1214c_ac_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1214c_dc_dc_dc | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1214c_dc_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1214fc_dc_dc_dc | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1214fc_dc_dc_rly | < V4.7 | V4.7 |
| siemens | simatic_s7-1200_cpu_1215c_ac_dc_rly | < V4.7 | V4.7 |