CVE-2023-38380
Published 2023-12-12
Priority: P3 · 42 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.96% (57.0th percentile)
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions = V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.
An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortiswitchmanager | — | — |
| siemens | simatic_cp_1242-7_v2 | < V3.4.29 | V3.4.29 |
| siemens | simatic_cp_1243-1 | < V3.4.29 | V3.4.29 |
| siemens | simatic_cp_1243-1_dnp3 | < * | * |
| siemens | simatic_cp_1243-1_iec | < V3.4.29 | V3.4.29 |
| siemens | simatic_cp_1243-7_lte | < V3.4.29 | V3.4.29 |
| siemens | simatic_cp_1243-8_irc | < V3.4.29 | V3.4.29 |
| siemens | simatic_cp_1542sp-1 | < V2.3 | V2.3 |
| siemens | simatic_cp_1542sp-1_irc | < V2.3 | V2.3 |
| siemens | simatic_cp_1543-1 | < V3.0.37 | V3.0.37 |
| siemens | simatic_cp_1543sp-1 | < V2.3 | V2.3 |
| siemens | sinamics_s210 | >= V6.1 < V6.1 HF2 | V6.1 HF2 |
| siemens | sinamics_s210_firmware | — | — |
| siemens | sinamics_s210_firmware | — | — |
| siemens | sinamics_s210_firmware | — | — |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | < V2.3 | V2.3 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | < V2.3 | V2.3 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | < V2.3 | V2.3 |
| siemens | siplus_net_cp_1543-1 | < V3.0.37 | V3.0.37 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Siemens SIMATIC and SIPLUS
cisa_ics·2024-06-13
ICS Advisory
Release Date: June 13, 2024
Alert Code: ICSA-24-165-10
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC, SIPLUS
- Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Bu
CISA ICS
Siemens Web Server of Industrial Products
cisa_ics·2023-12-14·CVSS 8.7
[HIGH] Siemens Web Server of Industrial Products
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC CP, SINAMICS, SIPLUS NET CP
- Vulnerability: Missing Release of Memory after Effective Lifetime
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthorized at
Fortinet
Read-Only users able to add/modify the Interface fields using the API
vendor_fortinet·2022-11-02·CVSS 7.1
CVE-2022-38380 [MEDIUM] CWE-284 Read-Only users able to add/modify the Interface fields using the API
FG-IR-22-174: Read-Only users able to add/modify the Interface fields using the API
An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API.
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2, 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.
CVEs: CVE-2022-38380, CVE-2023-36635
CWEs: CWE-284
CVSS: 7.1 (high)
Affected products: FortiOS, FortiSwitchManager, FortiSwitchmanager, Fortinet
GHSA
GHSA-532g-fpxj-7pxx: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl
ghsa_unreviewed·2023-12-12
CVE-2023-38380 [HIGH] CWE-401 GHSA-532g-fpxj-7pxx: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.
An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://cert-portal.siemens.com/productcert/html/ssa-139628.html
- https://cert-portal.siemens.com/productcert/html/ssa-625862.html
- https://cert-portal.siemens.com/productcert/html/ssa-693975.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf
Published: 2023-12-12