Information disclosure in Siemens products - CVE-2023-27465
Published: June 14, 2023
Vulnerability identifier: #VU77309
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-27465
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SIMOTION C240
SIMOTION C240 PN
SIMOTION D410-2 DP/PN
SIMOTION D425-2 DP
SIMOTION D425-2 DP/PN
SIMOTION D435-2 DP
SIMOTION D435-2 DP/PN
SIMOTION D445-2 DP/PN
SIMOTION D455-2 DP/PN
SIMOTION P320-4 E
SIMOTION P320-4 S
SIMOTION C240
SIMOTION C240 PN
SIMOTION D410-2 DP/PN
SIMOTION D425-2 DP
SIMOTION D425-2 DP/PN
SIMOTION D435-2 DP
SIMOTION D435-2 DP/PN
SIMOTION D445-2 DP/PN
SIMOTION D455-2 DP/PN
SIMOTION P320-4 E
SIMOTION P320-4 S
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected device does not protect access to certain services relevant for debugging. An attacker with physical access can extract confidential technology object (TO) configuration from the device.
Remediation
Install updates from vendor's website.