CVE-2023-46284
First published: Tue Dec 12 2023(Updated: )
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Opcenter Quality | ||
| Siemens SIMATIC PCS neo V4.0 | <4.1 | |
| Siemens SINUMERIK Integrate Run MyHMI/Automotive | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=14.0<15 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=15<16 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | >=16<17 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | ||
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18 | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | =18-update_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-46284?
The severity of CVE-2023-46284 is classified as high, indicating significant potential impact.
How do I fix CVE-2023-46284?
To fix CVE-2023-46284, users should upgrade to the latest versions of the affected Siemens products as outlined in the advisories.
Which Siemens products are affected by CVE-2023-46284?
CVE-2023-46284 affects various Siemens products including Opcenter Execution Foundation, Opcenter Quality, SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal.
Are there any workaround solutions for CVE-2023-46284?
No specific workarounds are provided for CVE-2023-46284; updating to the latest software version is recommended.
What are the potential risks of ignoring CVE-2023-46284?
Ignoring CVE-2023-46284 could lead to unauthorized access and control over systems utilizing the affected Siemens products.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/event
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens opcenter quality
- canonical/siemens simatic pcs neo v4.0
- canonical/siemens sinumerik integrate run myhmi/automotive
- canonical/siemens totally integrated automation portal (tia portal)
- version/siemens totally integrated automation portal (tia portal)/14.0
- version/siemens totally integrated automation portal (tia portal)/15
- version/siemens totally integrated automation portal (tia portal)/16
- version/siemens totally integrated automation portal (tia portal)/17
- version/siemens totally integrated automation portal (tia portal)/18
- version/siemens totally integrated automation portal (tia portal)/18-update_1