Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Physical
0

CVE-2023-27465

Disclosure Date: June 13, 2023
CVE-2023-27465 CVSS v3 Base Score: 4.6
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.6 Medium
Impact Score:
3.6
Exploitability Score:
0.9
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Physical
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
SIMOTION C240 All versions >= V5.4 < V5.5 SP1
SIMOTION C240 PN All versions >= V5.4 < V5.5 SP1
SIMOTION D410-2 DP All versions >= V5.4 < V5.5 SP1
SIMOTION D410-2 DP/PN All versions >= V5.4 < V5.5 SP1
SIMOTION D425-2 DP All versions >= V5.4 < V5.5 SP1
SIMOTION D425-2 DP/PN All versions >= V5.4 < V5.5 SP1
SIMOTION D435-2 DP All versions >= V5.4 < V5.5 SP1
SIMOTION D435-2 DP/PN All versions >= V5.4 < V5.5 SP1
SIMOTION D445-2 DP/PN All versions >= V5.4
SIMOTION D445-2 DP/PN All versions >= V5.4 < V5.5 SP1
SIMOTION D455-2 DP/PN All versions >= V5.4 < V5.5 SP1
SIMOTION P320-4 E All versions >= V5.4
SIMOTION P320-4 S All versions >= V5.4
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • siemens

Products

  • simotion c240 firmware,
  • simotion c240 firmware 5.5,
  • simotion c240 pn firmware,
  • simotion c240 pn firmware 5.5,
  • simotion d410-2 dp firmware,
  • simotion d410-2 dp firmware 5.5,
  • simotion d410-2 dp/pn firmware,
  • simotion d410-2 dp/pn firmware 5.5,
  • simotion d425-2 dp firmware,
  • simotion d425-2 dp firmware 5.5,
  • simotion d425-2 dp/pn firmware,
  • simotion d425-2 dp/pn firmware 5.5,
  • simotion d435-2 dp firmware,
  • simotion d435-2 dp firmware 5.5,
  • simotion d435-2 dp/pn firmware,
  • simotion d435-2 dp/pn firmware 5.5,
  • simotion d445-2 dp/pn (0aa0) firmware 5.4,
  • simotion d445-2 dp/pn (0aa1) firmware,
  • simotion d445-2 dp/pn (0aa1) firmware 5.5,
  • simotion d455-2 dp/pn firmware,
  • simotion d455-2 dp/pn firmware 5.5,
  • simotion p320-4 e firmware 5.4,
  • simotion p320-4 s firmware 5.4

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis