ID

VAR-202403-0630


CVE

CVE-2024-21483


TITLE

Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-13807

DESCRIPTION

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection.

Trust: 1.44

sources: NVD: CVE-2024-21483 // CNVD: CNVD-2024-13807

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-13807

AFFECTED PRODUCTS

vendor: siemens | model: sentron 7km pac3120 ac/dc | scope: gte | version: v3.2.3,<v3.3.0

Trust: 0.6

vendor: siemens | model: sentron 7km pac3120 dc | scope: gte | version: v3.2.3,<v3.3.0

Trust: 0.6

vendor: siemens | model: sentron 7km pac3220 ac/dc | scope: gte | version: v3.2.3,<v3.3.0

Trust: 0.6

vendor: siemens | model: sentron 7km pac3220 dc | scope: gte | version: v3.2.3,<v3.3.0

Trust: 0.6

sources: CNVD: CNVD-2024-13807

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-21483
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-13807
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-13807
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com:
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

sources: NVD: CVE-2024-21483

PATCH

title: Patch for Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability | url: https://www.cnvd.org.cn/patchinfo/show/534561

Trust: 0.6

sources: CNVD: CNVD-2024-13807

EXTERNAL IDS

db: NVD | id: CVE-2024-21483

Trust: 1.6

db: SIEMENS | id: SSA-792319

Trust: 1.6

db: CNVD | id: CNVD-2024-13807

Trust: 0.6

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-792319.html

Trust: 1.6

sources: CNVD: CNVD-2024-13807 // NVD: CVE-2024-21483

SOURCES

db: CNVD | id: CNVD-2024-13807
db: NVD | id: CVE-2024-21483

LAST UPDATE DATE

2024-03-20T23:07:23.578000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2024-13807 | date: 2024-03-19T00:00:00
db: NVD | id: CVE-2024-21483 | date: 2024-03-12T12:40:13.500

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2024-13807 | date: 2024-03-19T00:00:00
db: NVD | id: CVE-2024-21483 | date: 2024-03-12T11:15:48.217