HIGH🇬🇧 English

CVE-2023-46284

CVSS 7.5v3.1pub. 2023-12-12upd. 2024-11-21

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Siemens Opcenter Quality

    APP
    Siemens
    wszystkie wersje
  • Siemens Simatic Pcs Neo

    APP
    Siemens
    < 4.1
  • Siemens Sinumerik Integrate Runmyhmi \/automotive

    APP
    Siemens
    wszystkie wersje
  • Siemens Totally Integrated Automation Portal

    APP
    Siemens
    1815 – 16 (bez)16 – 17 (bez)17 – 18 (bez)14.0 – 15 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-40795CRITICAL9.3PL ✓ten sam produkt

Stack-based buffer overflow w Siemens SIMATIC PCS neo i UMC — RCE bez uwierzytelnienia

CVE-2021-20093CRITICAL9.1ten sam produkt

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote ...

CVE-2021-27389CRITICAL9.8ten sam produkt

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions <...

CVE-2025-40796HIGH8.7ten sam produkt

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...

CVE-2025-40797HIGH8.7ten sam produkt

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions...