CVE-2023-28766

Summary

CVE	CVE-2023-28766
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-11 10:15:00 UTC
Updated	2024-03-12 11:15:00 UTC
Description	A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.60), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.60), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Siprotec 5 6md85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 6md85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 6md85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 6md86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 6md86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 6md86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 6md89	cp300	All	All	All
Operating System	Siemens	Siprotec 5 6md89 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 6mu85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 6mu85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ke85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7ke85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ke85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sa82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sa82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sa82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sa84	cp200	All	All	All
Operating System	Siemens	Siprotec 5 7sa84 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sa86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sa86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sa86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sa87	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sa87	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sa87 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sd82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sd82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sd82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sd84	cp200	All	All	All
Operating System	Siemens	Siprotec 5 7sd84 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sd86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sd86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sd86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sd87	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sd87	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sd87 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sj81	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sj81	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sj81 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sj82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sj82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sj82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sj85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sj85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sj85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sj86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sj86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sj86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sk82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sk82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sk82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sk85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sk85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sk85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sl82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7sl82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sl82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sl86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sl86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sl86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sl87	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7sl87	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sl87 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ss85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7ss85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ss85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7st85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7st85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7st85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7st86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7st86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sx82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7sx82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7sx85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7sx85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7um85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7um85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ut82	cp100	All	All	All
Hardware	Siemens	Siprotec 5 7ut82	cp150	All	All	All
Operating System	Siemens	Siprotec 5 7ut82 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ut85	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7ut85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ut85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ut86	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7ut86	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ut86 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ut87	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7ut87	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ut87 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7ve85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7ve85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7vk87	cp200	All	All	All
Hardware	Siemens	Siprotec 5 7vk87	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7vk87 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 7vu85	cp300	All	All	All
Operating System	Siemens	Siprotec 5 7vu85 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 Communication Module Ethba2el	-	All	All	All
Operating System	Siemens	Siprotec 5 Communication Module Ethba2el Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 Communication Module Ethbb2fo	-	All	All	All
Operating System	Siemens	Siprotec 5 Communication Module Ethbb2fo Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 Communication Module Ethbd2fo	-	All	All	All
Operating System	Siemens	Siprotec 5 Communication Module Ethbd2fo Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5 Compact 7sx800	cp050	All	All	All
Operating System	Siemens	Siprotec 5 Compact 7sx800 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf	MISC	cert-portal.siemens.com	Vendor Advisory
cert-portal.siemens.com/productcert/html/ssa-322980.html		cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.