CVE-2023-27465 — MEDIUM (4.6)

Q: How severe is CVE-2023-27465?

CVE-2023-27465 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-27465?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simotion D425-2 Dp Firmware, Siemens Simotion D425-2 Dp, Siemens Simotion D425-2 Dp\/Pn Firmware, Siemens Simotion D425-2 Dp\/Pn, Siemens Simotion D435-2 Dp Firmware.

Vulnerability Description

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Simotion D425-2 Dp Firmware	>= 5.4, < 5.5
Siemens	Simotion D425-2 Dp	-
Siemens	Simotion D425-2 Dp\/Pn Firmware	>= 5.4, < 5.5
Siemens	Simotion D425-2 Dp\/Pn	-
Siemens	Simotion D435-2 Dp Firmware	>= 5.4, < 5.5
Siemens	Simotion D435-2 Dp	-
Siemens	Simotion D435-2 Dp\/Pn Firmware	>= 5.4, < 5.5
Siemens	Simotion D435-2 Dp\/Pn	-
Siemens	Simotion D445-2 Dp\/Pn \(0Aa1\) Firmware	>= 5.4, < 5.5
Siemens	Simotion D445-2 Dp\/Pn \(0Aa1\)	-
Siemens	Simotion D445-2 Dp\/Pn \(0Aa0\) Firmware	5.4
Siemens	Simotion D445-2 Dp\/Pn \(0Aa0\)	-
Siemens	Simotion D455-2 Dp\/Pn Firmware	>= 5.4, < 5.5
Siemens	Simotion D455-2 Dp\/Pn	-
Siemens	Simotion P320-4 E Firmware	5.4
Siemens	Simotion P320-4 E	-
Siemens	Simotion P320-4 S Firmware	5.4
Siemens	Simotion P320-4 S	-
Siemens	Simotion D410-2 Dp Firmware	>= 5.4, < 5.5
Siemens	Simotion D410-2 Dp	-

Related Weaknesses (CWE)

CWE-213 CWE-200

References

https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdfPatchVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdfPatchVendor Advisory

FAQ

What is CVE-2023-27465?

CVE-2023-27465 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTI...

How severe is CVE-2023-27465?

CVE-2023-27465 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-27465?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simotion D425-2 Dp Firmware, Siemens Simotion D425-2 Dp, Siemens Simotion D425-2 Dp\/Pn Firmware, Siemens Simotion D425-2 Dp\/Pn, Siemens Simotion D435-2 Dp Firmware.