Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for SIMATIC Energy Manager Basic by Siemens

    VAR-202204-0322

    Vulnerability from variot - Updated: 2024-11-23 21:32

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. SIMATIC Energy Manager visualizes the energy flow and consumption values in the process in detail, assigns them to the relevant consumers or cost centers, and determines the reasons for changes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0322",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "simatic energy manager basic",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager basic",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": "7.3 update 1"
          },
          {
            "model": "simatic energy manager basic",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "simatic energy manager basic update",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "7.31"
          },
          {
            "model": "simatic energy manager pro update",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "7.31"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Noam Moshe of Claroty reported these vulnerabilities to Siemens.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23449",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.4,
                "id": "CVE-2022-23449",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2022-28493",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2022-23449",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23449",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23449",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23449",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-28493",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2944",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23449",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. SIMATIC Energy Manager visualizes the energy flow and consumption values in the process in detail, assigns them to the relevant consumers or cost centers, and determines the reasons for changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23449",
            "trust": 3.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-655554",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-104-11",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU91165555",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041913",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "id": "VAR-202204-0322",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          }
        ],
        "trust": 1.1750000250000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:32:37.674000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-655554",
            "trust": 0.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "title": "Patch for Unknown Vulnerability in Siemens SIMATIC Energy Manager",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/329216"
          },
          {
            "title": "Siemens SIMATIC Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190116"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.0
          },
          {
            "problemtype": "Uncontrolled search path elements (CWE-427) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "trust": 0.9,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91165555/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23449"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041913"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/simatic-energy-manager-three-vulnerabilities-38020"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23449/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/427.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "date": "2022-04-12T09:15:14.297000",
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-28493"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23449"
          },
          {
            "date": "2022-04-22T06:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          },
          {
            "date": "2024-11-21T06:48:34.670000",
            "db": "NVD",
            "id": "CVE-2022-23449"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SIMATIC\u00a0Energy\u00a0Manager\u00a0Basic\u00a0 and \u00a0SIMATIC\u00a0Energy\u00a0Manager\u00a0PRO\u00a0 Vulnerability in Uncontrolled Search Path Elements",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001570"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2944"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-0323

    Vulnerability from variot - Updated: 2024-11-23 21:32

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. SIMATIC Energy Manager visualizes the energy flow and consumption values in the process in detail, assigns them to the relevant consumers or cost centers, and determines the reasons for changes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0323",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "simatic energy manager basic",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager basic",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": "7.3 update 1"
          },
          {
            "model": "simatic energy manager basic",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "simatic energy manager basic update",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "7.31"
          },
          {
            "model": "simatic energy manager pro update",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "7.31"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Noam Moshe of Claroty reported these vulnerabilities to Siemens.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23448",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23448",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2022-28494",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-23448",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23448",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23448",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23448",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-28494",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2945",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23448",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. SIMATIC Energy Manager visualizes the energy flow and consumption values in the process in detail, assigns them to the relevant consumers or cost centers, and determines the reasons for changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23448",
            "trust": 3.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-655554",
            "trust": 2.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-104-11",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU91165555",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041913",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "id": "VAR-202204-0323",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          }
        ],
        "trust": 1.1750000250000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:32:37.644000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-655554",
            "trust": 0.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "title": "Patch for Siemens SIMATIC Energy Manager Access Control Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/329211"
          },
          {
            "title": "Siemens SIMATIC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190117"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.0
          },
          {
            "problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "trust": 0.9,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91165555/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23448"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041913"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/simatic-energy-manager-three-vulnerabilities-38020"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23448/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "date": "2022-04-12T09:15:14.233000",
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-28494"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23448"
          },
          {
            "date": "2022-04-22T06:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          },
          {
            "date": "2024-11-21T06:48:34.530000",
            "db": "NVD",
            "id": "CVE-2022-23448"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SIMATIC\u00a0Energy\u00a0Manager\u00a0Basic\u00a0 and \u00a0SIMATIC\u00a0Energy\u00a0Manager\u00a0PRO\u00a0 Improper Permission Assignment Vulnerability in Critical Resources",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001569"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2945"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-0324

    Vulnerability from variot - Updated: 2024-11-23 21:32

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0324",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "simatic energy manager basic",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager basic",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.3"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": "7.3 update 1"
          },
          {
            "model": "simatic energy manager basic",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Noam Moshe of Claroty reported these vulnerabilities to Siemens.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23450",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-23450",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23450",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23450",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23450",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23450",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2942",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23450",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23450"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23450",
            "trust": 3.3
          },
          {
            "db": "SIEMENS",
            "id": "SSA-655554",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-104-11",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU91165555",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041913",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23450",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "id": "VAR-202204-0324",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.575000025
      },
      "last_update_date": "2024-11-23T21:32:37.467000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-655554",
            "trust": 0.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "title": "Siemens SIMATIC Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189469"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          },
          {
            "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
          },
          {
            "trust": 0.9,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91165555/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23450"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041913"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/simatic-energy-manager-three-vulnerabilities-38020"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-11"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23450/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/502.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "date": "2022-04-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "date": "2022-04-12T09:15:14.357000",
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23450"
          },
          {
            "date": "2022-04-22T06:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          },
          {
            "date": "2024-11-21T06:48:34.807000",
            "db": "NVD",
            "id": "CVE-2022-23450"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SIMATIC\u00a0Energy\u00a0Manager\u00a0Basic\u00a0 and \u00a0SIMATIC\u00a0Energy\u00a0Manager\u00a0PRO\u00a0 Untrusted Data Deserialization Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001571"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2942"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202407-0374

    Vulnerability from variot - Updated: 2024-08-14 14:01

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server. SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system. SIMATIC IPC DiagBase diagnostic software identifies any potential faults on SIMATIC industrial computers at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and records the system status of SIMATIC industrial computers. It communicates with other systems and reacts when events occur. SIMIT Simluation Platform allows simulation of plant settings to predict faults in the early planning stage

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0374",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "simatic ipc diagmonitor",
            "scope": null,
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "simatic ipc diagbase",
            "scope": null,
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "simatic energy manager basic",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v7.5"
          },
          {
            "model": "simatic energy manager pro",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v7.5"
          },
          {
            "model": "simit",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v10"
          },
          {
            "model": "simit",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v11\u003cv11.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ]
      },
      "cve": "CVE-2023-52891",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-31238",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "productcert@siemens.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-52891",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "productcert@siemens.com",
                "id": "CVE-2023-52891",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-31238",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server. SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system. SIMATIC IPC DiagBase diagnostic software identifies any potential faults on SIMATIC industrial computers at an early stage and helps to avoid or reduce system downtime. SIMATIC IPC DiagMonitor monitors, reports, visualizes and records the system status of SIMATIC industrial computers. It communicates with other systems and reacts when events occur. SIMIT Simluation Platform allows simulation of plant settings to predict faults in the early planning stage",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SIEMENS",
            "id": "SSA-088132",
            "trust": 1.6
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52891",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "id": "VAR-202407-0374",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ],
        "trust": 1.2089285775
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:01:08.148000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Siemens Industrial Products OPC UA Server Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/567721"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1325",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-07-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "date": "2024-07-09T12:15:11.263000",
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-07-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          },
          {
            "date": "2024-07-09T18:19:14.047000",
            "db": "NVD",
            "id": "CVE-2023-52891"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens Industrial Products OPC UA Server Denial of Service Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-31238"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-52891 (GCVE-0-2023-52891)

    Vulnerability from nvd – Published: 2024-07-09 12:04 – Updated: 2025-08-27 20:42
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1325 - Improperly Controlled Sequential Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: 0 , < V7.5 (custom)
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: 0 , < V7.5 (custom)
    Create a notification for this product.
    Siemens SIMATIC IPC DiagBase Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC IPC DiagMonitor Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMIT V10 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMIT V11 Affected: 0 , < V11.1 (custom)
    Create a notification for this product.
    siemens simatic_energy_manager_basic Affected: 0 , < V7.5 (custom)
        cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_energy_manager_pro Affected: 0 , < V7.5 (custom)
        cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_ipc_diagbase Affected: 0 , ≤ * (custom)
        cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_ipc_diagmonitor Affected: 0 , ≤ * (custom)
        cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simit_v10 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simit_v11 Affected: 0 , < V11.1 (custom)
        cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_energy_manager_basic",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_energy_manager_pro",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_ipc_diagbase",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_ipc_diagmonitor",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simit_v10",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simit_v11",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V11.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52891",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T13:26:14.481281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:42:53.094Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC IPC DiagBase",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC IPC DiagMonitor",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMIT V10",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMIT V11",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1325",
                  "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T12:04:42.619Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-52891",
        "datePublished": "2024-07-09T12:04:42.619Z",
        "dateReserved": "2024-06-21T15:06:40.772Z",
        "dateUpdated": "2025-08-27T20:42:53.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23450 (GCVE-0-2022-23450)

    Vulnerability from nvd – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:38.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23450",
        "datePublished": "2022-04-12T09:07:38.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23449 (GCVE-0-2022-23449)

    Vulnerability from nvd – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:37.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23449",
        "datePublished": "2022-04-12T09:07:37.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23448 (GCVE-0-2022-23448)

    Vulnerability from nvd – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.944Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:35.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23448",
        "datePublished": "2022-04-12T09:07:35.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-52891 (GCVE-0-2023-52891)

    Vulnerability from cvelistv5 – Published: 2024-07-09 12:04 – Updated: 2025-08-27 20:42
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1325 - Improperly Controlled Sequential Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: 0 , < V7.5 (custom)
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: 0 , < V7.5 (custom)
    Create a notification for this product.
    Siemens SIMATIC IPC DiagBase Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC IPC DiagMonitor Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMIT V10 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIMIT V11 Affected: 0 , < V11.1 (custom)
    Create a notification for this product.
    siemens simatic_energy_manager_basic Affected: 0 , < V7.5 (custom)
        cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_energy_manager_pro Affected: 0 , < V7.5 (custom)
        cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_ipc_diagbase Affected: 0 , ≤ * (custom)
        cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simatic_ipc_diagmonitor Affected: 0 , ≤ * (custom)
        cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simit_v10 Affected: 0 , ≤ * (custom)
        cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens simit_v11 Affected: 0 , < V11.1 (custom)
        cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_energy_manager_basic",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_energy_manager_pro",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_ipc_diagbase",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simatic_ipc_diagmonitor",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simit_v10",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simit_v11",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "V11.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52891",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T13:26:14.481281Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:42:53.094Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V7.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC IPC DiagBase",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC IPC DiagMonitor",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMIT V10",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMIT V11",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1325",
                  "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T12:04:42.619Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-52891",
        "datePublished": "2024-07-09T12:04:42.619Z",
        "dateReserved": "2024-06-21T15:06:40.772Z",
        "dateUpdated": "2025-08-27T20:42:53.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23450 (GCVE-0-2022-23450)

    Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:38.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23450",
        "datePublished": "2022-04-12T09:07:38.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23449 (GCVE-0-2022-23449)

    Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:37.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23449",
        "datePublished": "2022-04-12T09:07:37.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23448 (GCVE-0-2022-23448)

    Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-03 03:43
    VLAI
    Summary
    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens SIMATIC Energy Manager Basic Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Siemens SIMATIC Energy Manager PRO Affected: All versions < V7.3 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:43:45.944Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SIMATIC Energy Manager Basic",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            },
            {
              "product": "SIMATIC Energy Manager PRO",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V7.3 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-12T09:07:35.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-23448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SIMATIC Energy Manager Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Energy Manager PRO",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V7.3 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.3 Update 1), SIMATIC Energy Manager PRO (All versions \u003c V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-23448",
        "datePublished": "2022-04-12T09:07:35.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:43:45.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }