CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-516818.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:cp_343-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cp_343-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cp_343-1_lean:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*

History

18 Oct 2024, 17:19

Type	Values Removed	Values Added
First Time		Siemens siplus Net Cp 343-1 Siemens cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Firmware Siemens siplus Net Cp 343-1 Lean Siemens Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean
CWE		NVD-CWE-noinfo
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-516818.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-516818.html - Vendor Advisory
CPE		cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:::::::* cpe:2.3:o:siemens:cp_343-1_firmware:::::::: cpe:2.3:h:siemens:siplus_net_cp_343-1:-:::::::* cpe:2.3:h:siemens:cp_343-1_lean:-:::::::* cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:::::::* cpe:2.3:h:siemens:cp_343-1:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:::::::*

13 Feb 2024, 14:01

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en: SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (todas las versiones), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (todas las versiones), SIPLUS NET CP 343-1 (6AG1343- 1EX30-7XE0) (todas las versiones), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (todas las versiones). Los productos afectados validan incorrectamente los números de secuencia TCP. Esto podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio inyectando paquetes TCP RST falsificados.

13 Feb 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-13 09:15

Updated : 2024-10-18 17:19

NVD link : CVE-2023-51440

Mitre link : CVE-2023-51440

CVE.ORG link : CVE-2023-51440

JSON object : View

Products Affected

siemens

cp_343-1_firmware
cp_343-1
siplus_net_cp_343-1_firmware
cp_343-1_lean_firmware
cp_343-1_lean
siplus_net_cp_343-1_lean_firmware
siplus_net_cp_343-1_lean
siplus_net_cp_343-1

CWE

NVD-CWE-noinfo CWE-940

Improper Verification of Source of a Communication Channel

7.5 /10