Details of VAR-202401-0195

ID

VAR-202401-0195

CVE

CVE-2023-49252

TITLE

Siemens' simatic cn 4100 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-024618

DESCRIPTION

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. Siemens' simatic cn 4100 Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC CN 4100 is a communication node that can connect to third-party systems. Siemens SIMATIC CN 4100 has an input validation error vulnerability that can be exploited by attackers to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2023-49252 // JVNDB: JVNDB-2023-024618 // CNVD: CNVD-2024-01396

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-01396

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic cn 4100	scope:	lt	version:	2.7	Trust: 1.0
vendor:	シーメンス	model:	simatic cn 4100	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic cn 4100	scope:	eq	version:	2.7	Trust: 0.8
vendor:	シーメンス	model:	simatic cn 4100	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cn	scope:	eq	version:	4100<2.7	Trust: 0.6

sources: CNVD: CNVD-2024-01396 // JVNDB: JVNDB-2023-024618 // NVD: CVE-2023-49252

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2023-49252
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-024618
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-01396
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-01396
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2023-49252
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-024618
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-01396 // JVNDB: JVNDB-2023-024618 // NVD: CVE-2023-49252

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-024618 // NVD: CVE-2023-49252

PATCH

title:

Patch for Siemens SIMATIC CN 4100 Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/514126

Trust: 0.6

sources: CNVD: CNVD-2024-01396

EXTERNAL IDS

db:	NVD	id:	CVE-2023-49252	Trust: 3.2
db:	SIEMENS	id:	SSA-777015	Trust: 2.4
db:	JVN	id:	JVNVU92179258	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-011-09	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-024618	Trust: 0.8
db:	CNVD	id:	CNVD-2024-01396	Trust: 0.6

sources: CNVD: CNVD-2024-01396 // JVNDB: JVNDB-2023-024618 // NVD: CVE-2023-49252

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu92179258/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-49252	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-09	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-777015.html	Trust: 0.6

sources: CNVD: CNVD-2024-01396 // JVNDB: JVNDB-2023-024618 // NVD: CVE-2023-49252

SOURCES

db:	CNVD	id:	CNVD-2024-01396
db:	JVNDB	id:	JVNDB-2023-024618
db:	NVD	id:	CVE-2023-49252

LAST UPDATE DATE

2025-03-14T22:46:16.796000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-01396	date:	2024-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2023-024618	date:	2024-02-01T02:53:00
db:	NVD	id:	CVE-2023-49252	date:	2024-01-11T22:43:37.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-01396	date:	2024-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2023-024618	date:	2024-02-01T00:00:00
db:	NVD	id:	CVE-2023-49252	date:	2024-01-09T10:15:20.243