Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-27465 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
SIMOTION C240 Hardware solutions / Firmware SIMOTION C240 PN Hardware solutions / Firmware SIMOTION D410-2 DP/PN Hardware solutions / Firmware SIMOTION D425-2 DP Hardware solutions / Firmware SIMOTION D425-2 DP/PN Hardware solutions / Firmware SIMOTION D435-2 DP Hardware solutions / Firmware SIMOTION D435-2 DP/PN Hardware solutions / Firmware SIMOTION D445-2 DP/PN Hardware solutions / Firmware SIMOTION D455-2 DP/PN Hardware solutions / Firmware SIMOTION P320-4 E Hardware solutions / Firmware SIMOTION P320-4 S Hardware solutions / Firmware |
Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU77309
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27465
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected device does not protect access to certain services relevant for debugging. An attacker with physical access can extract confidential technology object (TO) configuration from the device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMOTION C240: 5.4
SIMOTION C240 PN: 5.4
SIMOTION D410-2 DP/PN: 5.4
SIMOTION D425-2 DP: 5.4
SIMOTION D425-2 DP/PN: 5.4
SIMOTION D435-2 DP: 5.4
SIMOTION D435-2 DP/PN: 5.4
SIMOTION D445-2 DP/PN: 5.4
SIMOTION D455-2 DP/PN: 5.4
SIMOTION P320-4 E: 5.4
SIMOTION P320-4 S: 5.4
CPE2.3http://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.