CVE-2023-27465

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
13/06/2023
Last modified:
05/07/2023

Description

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 = V5.4 = V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:*:*:*:*:*:*:*:* 5.4 (including) 5.5 (excluding)
cpe:2.3:o:siemens:simotion_d425-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:*:*:*:*:*:*:*:* 5.4 (including) 5.5 (excluding)
cpe:2.3:o:siemens:simotion_d425-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d425-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:*:*:*:*:*:*:*:* 5.4 (including) 5.5 (excluding)
cpe:2.3:o:siemens:simotion_d435-2_dp_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:*:*:*:*:*:*:*:* 5.4 (including) 5.5 (excluding)
cpe:2.3:o:siemens:simotion_d435-2_dp\/pn_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d435-2_dp\/pn:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:*:*:*:*:*:*:*:* 5.4 (including) 5.5 (excluding)
cpe:2.3:o:siemens:simotion_d445-2_dp\/pn_\(0aa1\)_firmware:5.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion_d445-2_dp\/pn_\(0aa1\):-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools