ID

VAR-202303-0902


CVE

CVE-2023-27403


TITLE

Siemens'  Tecnomatix Plant Simulation  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004923

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348). Siemens' Tecnomatix Plant Simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Siemens Tecnomatix Plant Simulation is an industrial control equipment of German Siemens (Siemens). Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance

Trust: 3.42

sources: NVD: CVE-2023-27403 // JVNDB: JVNDB-2023-004923 // ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-18934

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix plant simulationscope: - version: -

Trust: 1.4

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2201.0006

Trust: 1.0

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2201.0006

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:v2201.0006

Trust: 0.6

sources: ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934 // JVNDB: JVNDB-2023-004923 // NVD: CVE-2023-27403

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2023-27403
value: HIGH

Trust: 1.4

productcert@siemens.com: CVE-2023-27403
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-004923
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-18934
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202303-984
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-18934
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2023-27403
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

productcert@siemens.com:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-004923
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934 // JVNDB: JVNDB-2023-004923 // NVD: CVE-2023-27403 // CNNVD: CNNVD-202303-984

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004923 // NVD: CVE-2023-27403

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-984

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-984

CONFIGURATIONS

sources: NVD: CVE-2023-27403

PATCH

title:Siemens has issued an update to correct this vulnerability.url:https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf

Trust: 1.4

title:Patch for Siemens Tecnomatix Plant Simulation Memory Corruption Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/415681

Trust: 0.6

title:Siemens Tecnomatix Plant Simulation Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228844

Trust: 0.6

sources: ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934 // CNNVD: CNNVD-202303-984

EXTERNAL IDS

db:NVDid:CVE-2023-27403

Trust: 5.2

db:SIEMENSid:SSA-847261

Trust: 3.0

db:JVNid:JVNVU97514209

Trust: 0.8

db:JVNDBid:JVNDB-2023-004923

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-20348

Trust: 0.7

db:ZDIid:ZDI-23-332

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-20303

Trust: 0.7

db:ZDIid:ZDI-23-329

Trust: 0.7

db:CNVDid:CNVD-2023-18934

Trust: 0.6

db:CNNVDid:CNNVD-202303-984

Trust: 0.6

sources: ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934 // JVNDB: JVNDB-2023-004923 // NVD: CVE-2023-27403 // CNNVD: CNNVD-202303-984

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf

Trust: 4.4

url:https://jvn.jp/vu/jvnvu97514209/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-27403

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-27403/

Trust: 0.6

sources: ZDI: ZDI-23-332 // ZDI: ZDI-23-329 // CNVD: CNVD-2023-18934 // JVNDB: JVNDB-2023-004923 // NVD: CVE-2023-27403 // CNNVD: CNNVD-202303-984

CREDITS

Dennis Herrmann (@dhn_)

Trust: 0.7

sources: ZDI: ZDI-23-332

SOURCES

db:ZDIid:ZDI-23-332
db:ZDIid:ZDI-23-329
db:CNVDid:CNVD-2023-18934
db:JVNDBid:JVNDB-2023-004923
db:NVDid:CVE-2023-27403
db:CNNVDid:CNNVD-202303-984

LAST UPDATE DATE

2023-12-18T11:23:15.476000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-23-332date:2023-03-16T00:00:00
db:ZDIid:ZDI-23-329date:2023-03-16T00:00:00
db:CNVDid:CNVD-2023-18934date:2023-03-22T00:00:00
db:JVNDBid:JVNDB-2023-004923date:2023-11-02T07:28:00
db:NVDid:CVE-2023-27403date:2023-11-07T04:09:56.210
db:CNNVDid:CNNVD-202303-984date:2023-03-17T00:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-23-332date:2023-03-16T00:00:00
db:ZDIid:ZDI-23-329date:2023-03-16T00:00:00
db:CNVDid:CNVD-2023-18934date:2023-03-22T00:00:00
db:JVNDBid:JVNDB-2023-004923date:2023-11-02T00:00:00
db:NVDid:CVE-2023-27403date:2023-03-14T10:15:29.337
db:CNNVDid:CNNVD-202303-984date:2023-03-14T00:00:00