ID
VAR-202502-0123
CVE
CVE-2023-37482
TITLE
Siemens Multiple SIMATIC Products Web Server User Enumeration Vulnerability
Trust: 0.6
DESCRIPTION
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. SIMATIC Drive Controllers are designed for the automation of production machines and combine the functionality of the SIMATIC S7-1500 CPU and SINAMICS S120 drive control. The SIMATIC ET 200SP Open Controller is a PC-based version of the SIMATIC S7-1500 controller, including optional visualization and central I/O combinations in one compact device. The SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. The SIMATIC S7-1500 Software Controller is the SIMATIC software controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulate PLCs, even in virtualized environments
Trust: 1.44
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | simatic drive controller family | scope: | gte | version: | v3.1.0,<v3.1.2 | Trust: 0.6 |
| vendor: | siemens | model: | simatic et 200sp open controller cpu 1515sp pc2 | scope: | gte | version: | v30.1.0 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1200 cpu family | scope: | eq | version: | v4<4.7 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1500 cpu family | scope: | gte | version: | v3.1.0,<v3.1.2 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-1500 software controller | scope: | gte | version: | v30.1.0 | Trust: 0.6 |
| vendor: | siemens | model: | simatic s7-plcsim advanced | scope: | gte | version: | v6.0,<v7.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-203 | Trust: 1.0 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-37482 | Trust: 1.6 |
| db: | SIEMENS | id: | SSA-195895 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-03035 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-195895.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-03035 |
| db: | NVD | id: | CVE-2023-37482 |
LAST UPDATE DATE
2025-02-20T22:50:51.787000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-03035 | date: | 2025-02-18T00:00:00 |
| db: | NVD | id: | CVE-2023-37482 | date: | 2025-02-11T11:15:11.427 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-03035 | date: | 2025-02-18T00:00:00 |
| db: | NVD | id: | CVE-2023-37482 | date: | 2025-02-11T11:15:11.427 |