Search

Find a vulnerability

Search criteria

    34 vulnerabilities found for opcenter_quality by siemens

    CVE-2024-41986 (GCVE-0-2024-41986)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:16
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:16:25.144706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:16:56.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:42.595Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41986",
        "datePublished": "2025-08-12T11:16:42.595Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:16:56.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41985 (GCVE-0-2024-41985)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:25
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:24:10.939392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:25:28.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:41.301Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41985",
        "datePublished": "2025-08-12T11:16:41.301Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:25:28.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41984 (GCVE-0-2024-41984)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:33
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41984",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:32:49.960577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:33:52.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:39.989Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41984",
        "datePublished": "2025-08-12T11:16:39.989Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:33:52.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41983 (GCVE-0-2024-41983)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:47
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:45:04.629537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:47:22.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:38.616Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41983",
        "datePublished": "2025-08-12T11:16:38.616Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:47:22.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41982 (GCVE-0-2024-41982)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:53
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:53:08.764312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:53:21.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:37.292Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41982",
        "datePublished": "2025-08-12T11:16:37.292Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T15:53:21.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41980 (GCVE-0-2024-41980)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:54
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:53:40.030449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:54:00.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:35.999Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41980",
        "datePublished": "2025-08-12T11:16:35.999Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T15:54:00.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41979 (GCVE-0-2024-41979)

    Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:54
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:54:24.954678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:54:33.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:34.660Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41979",
        "datePublished": "2025-08-12T11:16:34.660Z",
        "dateReserved": "2024-07-25T12:46:30.321Z",
        "dateUpdated": "2025-08-12T15:54:33.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46285 (GCVE-0-2023-46285)

    Vulnerability from nvd – Published: 2023-12-12 11:27 – Updated: 2025-05-24 10:24
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-20T05:00:31.916630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-24T10:24:30.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:55.697Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46285",
        "datePublished": "2023-12-12T11:27:17.080Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-05-24T10:24:30.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46284 (GCVE-0-2023-46284)

    Vulnerability from nvd – Published: 2023-12-12 11:27 – Updated: 2026-02-25 16:34
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-20T05:00:31.197555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:34:35.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:54.329Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46284",
        "datePublished": "2023-12-12T11:27:15.737Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2026-02-25T16:34:35.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46283 (GCVE-0-2023-46283)

    Vulnerability from nvd – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:52.922Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46283",
        "datePublished": "2023-12-12T11:27:14.437Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-01-14T10:29:52.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46282 (GCVE-0-2023-46282)

    Vulnerability from nvd – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:40.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:51.618Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46282",
        "datePublished": "2023-12-12T11:27:13.134Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-01-14T10:29:51.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46281 (GCVE-0-2023-46281)

    Vulnerability from nvd – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:40.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:41:24.487753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:41:45.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:50.318Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46281",
        "datePublished": "2023-12-12T11:27:11.796Z",
        "dateReserved": "2023-10-20T10:29:46.259Z",
        "dateUpdated": "2025-01-14T10:29:50.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33736 (GCVE-0-2022-33736)

    Vulnerability from nvd – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Quality V13.1 Affected: All versions < V13.1.20220624
    Create a notification for this product.
    Siemens Opcenter Quality V13.2 Affected: All versions < V13.2.20220624
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Quality V13.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions  \u003c V13.1.20220624"
                }
              ]
            },
            {
              "product": "Opcenter Quality V13.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V13.2.20220624"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Quality V13.1 (All versions \u003c V13.1.20220624), Opcenter Quality V13.2 (All versions \u003c V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:47.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Quality V13.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions  \u003c V13.1.20220624"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Quality V13.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V13.2.20220624"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Quality V13.1 (All versions \u003c V13.1.20220624), Opcenter Quality V13.2 (All versions \u003c V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-303: Incorrect Implementation of Authentication Algorithm"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33736",
        "datePublished": "2022-07-12T10:06:47.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27389 (GCVE-0-2021-27389)

    Vulnerability from nvd – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Quality Affected: All versions < V12.2
    Create a notification for this product.
    Siemens QMS Automotive Affected: All versions < V12.30
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:16.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V12.2"
                }
              ]
            },
            {
              "product": "QMS Automotive",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V12.30"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V12.2), QMS Automotive (All versions \u003c V12.30). A private sign key is shipped with the product without adequate protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-22T20:42:21.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-27389",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Quality",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V12.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "QMS Automotive",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V12.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V12.2), QMS Automotive (All versions \u003c V12.30). A private sign key is shipped with the product without adequate protection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321: Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-27389",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:16.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7588 (GCVE-0-2020-7588)

    Vulnerability from nvd – Published: 2020-07-14 13:18 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Execution Discrete Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Execution Foundation Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Execution Process Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Intelligence Affected: All versions < V3.3
    Create a notification for this product.
    Siemens Opcenter Quality Affected: All versions < V11.3
    Create a notification for this product.
    Siemens Opcenter RD&L Affected: V8.0
    Create a notification for this product.
    Siemens SIMATIC IT LMS Affected: All versions < V2.6
    Create a notification for this product.
    Siemens SIMATIC IT Production Suite Affected: All versions < V8.0
    Create a notification for this product.
    Siemens SIMATIC Notifier Server for Windows Affected: All versions
    Create a notification for this product.
    Siemens SIMATIC PCS neo Affected: All versions < V3.0 SP1
    Create a notification for this product.
    Siemens SIMATIC STEP 7 (TIA Portal) V15 Affected: All versions < V15.1 Update 5
    Create a notification for this product.
    Siemens SIMATIC STEP 7 (TIA Portal) V16 Affected: All versions < V16 Update 2
    Create a notification for this product.
    Siemens SIMOCODE ES V15.1 Affected: All versions < V15.1 Update 4
    Create a notification for this product.
    Siemens SIMOCODE ES V16 Affected: All versions < V16 Update 1
    Create a notification for this product.
    Siemens Soft Starter ES V15.1 Affected: All versions < V15.1 Update 3
    Create a notification for this product.
    Siemens Soft Starter ES V16 Affected: All versions < V16 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Execution Discrete",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Execution Process",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Intelligence",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V11.3"
                }
              ]
            },
            {
              "product": "Opcenter RD\u0026L",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0"
                }
              ]
            },
            {
              "product": "SIMATIC IT LMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V2.6"
                }
              ]
            },
            {
              "product": "SIMATIC IT Production Suite",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V8.0"
                }
              ]
            },
            {
              "product": "SIMATIC Notifier Server for Windows",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.0 SP1"
                }
              ]
            },
            {
              "product": "SIMATIC STEP 7 (TIA Portal) V15",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 5"
                }
              ]
            },
            {
              "product": "SIMATIC STEP 7 (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 2"
                }
              ]
            },
            {
              "product": "SIMOCODE ES V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 4"
                }
              ]
            },
            {
              "product": "SIMOCODE ES V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 1"
                }
              ]
            },
            {
              "product": "Soft Starter ES V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 3"
                }
              ]
            },
            {
              "product": "Soft Starter ES V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-10T11:16:56.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-7588",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Execution Discrete",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Execution Foundation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Execution Process",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Intelligence",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Quality",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V11.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter RD\u0026L",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC IT LMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V2.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC IT Production Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Notifier Server for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC PCS neo",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.0 SP1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMOCODE ES V15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMOCODE ES V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Soft Starter ES V15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Soft Starter ES V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-7588",
        "datePublished": "2020-07-14T13:18:05.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7587 (GCVE-0-2020-7587)

    Vulnerability from nvd – Published: 2020-07-14 13:18 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Execution Discrete Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Execution Foundation Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Execution Process Affected: All versions < V3.2
    Create a notification for this product.
    Siemens Opcenter Intelligence Affected: All versions < V3.3
    Create a notification for this product.
    Siemens Opcenter Quality Affected: All versions < V11.3
    Create a notification for this product.
    Siemens Opcenter RD&L Affected: V8.0
    Create a notification for this product.
    Siemens SIMATIC IT LMS Affected: All versions < V2.6
    Create a notification for this product.
    Siemens SIMATIC IT Production Suite Affected: All versions < V8.0
    Create a notification for this product.
    Siemens SIMATIC Notifier Server for Windows Affected: All versions
    Create a notification for this product.
    Siemens SIMATIC PCS neo Affected: All versions < V3.0 SP1
    Create a notification for this product.
    Siemens SIMATIC STEP 7 (TIA Portal) V15 Affected: All versions < V15.1 Update 5
    Create a notification for this product.
    Siemens SIMATIC STEP 7 (TIA Portal) V16 Affected: All versions < V16 Update 2
    Create a notification for this product.
    Siemens SIMOCODE ES V15.1 Affected: All versions < V15.1 Update 4
    Create a notification for this product.
    Siemens SIMOCODE ES V16 Affected: All versions < V16 Update 1
    Create a notification for this product.
    Siemens Soft Starter ES V15.1 Affected: All versions < V15.1 Update 3
    Create a notification for this product.
    Siemens Soft Starter ES V16 Affected: All versions < V16 Update 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Execution Discrete",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Execution Process",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.2"
                }
              ]
            },
            {
              "product": "Opcenter Intelligence",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.3"
                }
              ]
            },
            {
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V11.3"
                }
              ]
            },
            {
              "product": "Opcenter RD\u0026L",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0"
                }
              ]
            },
            {
              "product": "SIMATIC IT LMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V2.6"
                }
              ]
            },
            {
              "product": "SIMATIC IT Production Suite",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V8.0"
                }
              ]
            },
            {
              "product": "SIMATIC Notifier Server for Windows",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V3.0 SP1"
                }
              ]
            },
            {
              "product": "SIMATIC STEP 7 (TIA Portal) V15",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 5"
                }
              ]
            },
            {
              "product": "SIMATIC STEP 7 (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 2"
                }
              ]
            },
            {
              "product": "SIMOCODE ES V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 4"
                }
              ]
            },
            {
              "product": "SIMOCODE ES V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 1"
                }
              ]
            },
            {
              "product": "Soft Starter ES V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V15.1 Update 3"
                }
              ]
            },
            {
              "product": "Soft Starter ES V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V16 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-10T11:16:51.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-7587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Execution Discrete",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Execution Foundation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Execution Process",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Intelligence",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Quality",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V11.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter RD\u0026L",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC IT LMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V2.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC IT Production Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC Notifier Server for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC PCS neo",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V3.0 SP1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC STEP 7 (TIA Portal) V15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMATIC STEP 7 (TIA Portal) V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMOCODE ES V15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SIMOCODE ES V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Soft Starter ES V15.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V15.1 Update 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Soft Starter ES V16",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V16 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400: Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-7587",
        "datePublished": "2020-07-14T13:18:05.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41986 (GCVE-0-2024-41986)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:16
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:16:25.144706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:16:56.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:42.595Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41986",
        "datePublished": "2025-08-12T11:16:42.595Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:16:56.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41985 (GCVE-0-2024-41985)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:25
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:24:10.939392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:25:28.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:41.301Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41985",
        "datePublished": "2025-08-12T11:16:41.301Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:25:28.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41984 (GCVE-0-2024-41984)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:33
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41984",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:32:49.960577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:33:52.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:39.989Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41984",
        "datePublished": "2025-08-12T11:16:39.989Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:33:52.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41983 (GCVE-0-2024-41983)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 19:47
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:45:04.629537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:47:22.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:38.616Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41983",
        "datePublished": "2025-08-12T11:16:38.616Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T19:47:22.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41982 (GCVE-0-2024-41982)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:53
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:53:08.764312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:53:21.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:37.292Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41982",
        "datePublished": "2025-08-12T11:16:37.292Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T15:53:21.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41980 (GCVE-0-2024-41980)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:54
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:53:40.030449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:54:00.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:35.999Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41980",
        "datePublished": "2025-08-12T11:16:35.999Z",
        "dateReserved": "2024-07-25T12:46:30.322Z",
        "dateUpdated": "2025-08-12T15:54:00.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41979 (GCVE-0-2024-41979)

    Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 15:54
    VLAI
    Summary
    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:54:24.954678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:54:33.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SmartClient modules Opcenter QL Home (SC)",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Audit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SOA Cockpit",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2506",
                  "status": "affected",
                  "version": "V13.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions \u003e= V13.2 \u003c V2506), SOA Audit (All versions \u003e= V13.2 \u003c V2506), SOA Cockpit (All versions \u003e= V13.2 \u003c V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T11:16:34.660Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-382999.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-41979",
        "datePublished": "2025-08-12T11:16:34.660Z",
        "dateReserved": "2024-07-25T12:46:30.321Z",
        "dateUpdated": "2025-08-12T15:54:33.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46285 (GCVE-0-2023-46285)

    Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2025-05-24 10:24
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-20T05:00:31.916630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-24T10:24:30.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:55.697Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46285",
        "datePublished": "2023-12-12T11:27:17.080Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-05-24T10:24:30.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46284 (GCVE-0-2023-46284)

    Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2026-02-25 16:34
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-20T05:00:31.197555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:34:35.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:54.329Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46284",
        "datePublished": "2023-12-12T11:27:15.737Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2026-02-25T16:34:35.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46283 (GCVE-0-2023-46283)

    Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:52.922Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46283",
        "datePublished": "2023-12-12T11:27:14.437Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-01-14T10:29:52.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46282 (GCVE-0-2023-46282)

    Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:40.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:51.618Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46282",
        "datePublished": "2023-12-12T11:27:13.134Z",
        "dateReserved": "2023-10-20T10:29:46.260Z",
        "dateUpdated": "2025-01-14T10:29:51.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46281 (GCVE-0-2023-46281)

    Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:37:40.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:41:24.487753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:41:45.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Execution Foundation",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2407",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2312",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SIMATIC PCS neo",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "SINEC NMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V2.0 SP1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V14",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V16",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V17",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V17 Update 8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Totally Integrated Automation Portal (TIA Portal) V18",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V18 Update 3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T10:29:50.318Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-46281",
        "datePublished": "2023-12-12T11:27:11.796Z",
        "dateReserved": "2023-10-20T10:29:46.259Z",
        "dateUpdated": "2025-01-14T10:29:50.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33736 (GCVE-0-2022-33736)

    Vulnerability from cvelistv5 – Published: 2022-07-12 10:06 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Quality V13.1 Affected: All versions < V13.1.20220624
    Create a notification for this product.
    Siemens Opcenter Quality V13.2 Affected: All versions < V13.2.20220624
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Quality V13.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions  \u003c V13.1.20220624"
                }
              ]
            },
            {
              "product": "Opcenter Quality V13.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V13.2.20220624"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Quality V13.1 (All versions \u003c V13.1.20220624), Opcenter Quality V13.2 (All versions \u003c V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T10:06:47.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2022-33736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Quality V13.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions  \u003c V13.1.20220624"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Opcenter Quality V13.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V13.2.20220624"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Quality V13.1 (All versions \u003c V13.1.20220624), Opcenter Quality V13.2 (All versions \u003c V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-303: Incorrect Implementation of Authentication Algorithm"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33736",
        "datePublished": "2022-07-12T10:06:47.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27389 (GCVE-0-2021-27389)

    Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Opcenter Quality Affected: All versions < V12.2
    Create a notification for this product.
    Siemens QMS Automotive Affected: All versions < V12.30
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:16.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Opcenter Quality",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V12.2"
                }
              ]
            },
            {
              "product": "QMS Automotive",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V12.30"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V12.2), QMS Automotive (All versions \u003c V12.30). A private sign key is shipped with the product without adequate protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-22T20:42:21.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-27389",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Opcenter Quality",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V12.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "QMS Automotive",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V12.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V12.2), QMS Automotive (All versions \u003c V12.30). A private sign key is shipped with the product without adequate protection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321: Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-27389",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:16.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }