CVE-2023-51440 - Vulnerability Details

Description

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Published: 2024-02-13

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

SIMATIC CP 343-1

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIMATIC CP 343-1 Lean

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIPLUS NET CP 343-1

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

SIPLUS NET CP 343-1 Lean

unknown

Version	Status	Constraints
`All versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:siemens:siplus_net_cp_343-1:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-56160	A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0037.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-516818.html

History

Mon, 16 Dec 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens simatic Cp 343-1 Siemens simatic Cp 343-1 Firmware Siemens simatic Cp 343-1 Lean Siemens simatic Cp 343-1 Lean Firmware
CPEs	cpe:2.3:h:siemens:cp_343-1:-:::::::* cpe:2.3:h:siemens:cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:cp_343-1_firmware:::::::: cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:::::::*	cpe:2.3:h:siemens:simatic_cp_343-1:-:::::::* cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:simatic_cp_343-1_firmware:::::::: cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:-:::::::*
Vendors & Products	Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware	Siemens simatic Cp 343-1 Siemens simatic Cp 343-1 Firmware Siemens simatic Cp 343-1 Lean Siemens simatic Cp 343-1 Lean Firmware

Fri, 18 Oct 2024 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Siemens siplus Net Cp 343-1 Firmware Siemens siplus Net Cp 343-1 Lean Siemens siplus Net Cp 343-1 Lean Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:siemens:cp_343-1:-:::::::* cpe:2.3:h:siemens:cp_343-1_lean:-:::::::* cpe:2.3:h:siemens:siplus_net_cp_343-1:-:::::::* cpe:2.3:h:siemens:siplus_net_cp_343-1_lean:-:::::::* cpe:2.3:o:siemens:cp_343-1_firmware:::::::: cpe:2.3:o:siemens:cp_343-1_lean_firmware:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_firmware:-:::::::* cpe:2.3:o:siemens:siplus_net_cp_343-1_lean_firmware:-:::::::*
Vendors & Products		Siemens Siemens cp 343-1 Siemens cp 343-1 Firmware Siemens cp 343-1 Lean Siemens cp 343-1 Lean Firmware Siemens siplus Net Cp 343-1 Siemens siplus Net Cp 343-1 Firmware Siemens siplus Net Cp 343-1 Lean Siemens siplus Net Cp 343-1 Lean Firmware

Subscriptions

Siemens Simatic Cp 343-1 Simatic Cp 343-1 Firmware Simatic Cp 343-1 Lean Simatic Cp 343-1 Lean Firmware Siplus Net Cp 343-1 Siplus Net Cp 343-1 Firmware Siplus Net Cp 343-1 Lean Siplus Net Cp 343-1 Lean Firmware

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-02-13T09:00:04.702Z

Updated: 2024-08-02T22:32:10.181Z

Reserved: 2023-12-19T12:49:24.031Z

Link: CVE-2023-51440

Vulnrichment

Updated: 2024-08-02T22:32:10.181Z

NVD

Status : Analyzed

Published: 2024-02-13T09:15:46.830

Modified: 2024-12-16T15:17:29.160

Link: CVE-2023-51440

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object