A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.
An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-968170.html | |
https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf | Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Mar 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server. | |
References |
|
20 Jun 2023, 19:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf - Mitigation, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:siemens:simatic_s7-pm:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:* |
|
First Time |
Siemens simatic S7-pm
Siemens simatic Pcs 7 Siemens simatic Step 7 Siemens |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
13 Jun 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-13 09:15
Updated : 2024-03-12 11:15
NVD link : CVE-2023-25910
Mitre link : CVE-2023-25910
CVE.ORG link : CVE-2023-25910
JSON object : View
Products Affected
siemens
- simatic_pcs_7
- simatic_s7-pm
- simatic_step_7
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')