CVE-2023-52891 — Improperly Controlled Sequential Memory Allocation in Siemens Simatic Energy Manager Basic

CWE-1325 — Improperly Controlled Sequential Memory Allocation3 documents3 sources

Severity

5.3MEDIUMNVD

CNA7.5

EPSS

0.1%

top 69.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Energy Manager Basic Siemens Simatic Energy Manager PRO Siemens Simatic IPC Diagbase +3 more

Timeline

PublishedJul 9

Description

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A succes…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5siemens/simatic_energy_manager_basic< V7.5

▶CVEListV5siemens/simatic_energy_manager_pro< V7.5

▶CVEListV5siemens/simatic_ipc_diagbase< *

▶CVEListV5siemens/simatic_ipc_diagmonitor< *

▶CVEListV5siemens/simit_v10< *

🔴Vulnerability Details

CVEList

CVE-2023-52891: A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7↗2024-07-09

▶

GHSA

GHSA-gccj-rgh5-5x96: A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7↗2024-07-09

▶