CVE-2023-28829
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-28829
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对废弃函数的使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC PCS 7 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC PCS 7是德国西门子(Siemens)公司的一套过程控制系统。 Siemens SIMATIC PCS 7存在安全漏洞,该漏洞源于没有为身份验证和加密实施最先进的安全机制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | SIMATIC NET PC Software V14 | All versions | - | |
| Siemens | SIMATIC NET PC Software V15 | All versions | - | |
| Siemens | SIMATIC PCS 7 V8.2 | All versions | - | |
| Siemens | SIMATIC PCS 7 V9.0 | All versions | - | |
| Siemens | SIMATIC PCS 7 V9.1 | All versions | - | |
| Siemens | SIMATIC WinCC | All versions < V8.0 | - | |
| Siemens | SINAUT Software ST7sc | All versions | - |
II. Public POCs for CVE-2023-28829
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-28829
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2023-06-13 · 15 CVEs total
| CVE-2023-25910 | 10.0 CRITICAL | Siemens SIMATIC PCS 7 代码注入漏洞 |
| CVE-2023-29129 | 9.1 CRITICAL | Siemens Mendix SAML Module 授权问题漏洞 |
| CVE-2023-30897 | 7.8 HIGH | Siemens SIMATIC WinCC 安全漏洞 |
| CVE-2023-33123 | 7.8 HIGH | Siemens JT2Go 缓冲区错误漏洞 |
| CVE-2023-33124 | 7.8 HIGH | Siemens JT2Go 缓冲区错误漏洞 |
| CVE-2023-33919 | 7.2 HIGH | Siemens CP-8031 MASTER MODULE 命令注入漏洞 |
| CVE-2023-33920 | 6.8 MEDIUM | Siemens CP-8031 信任管理问题漏洞 |
| CVE-2023-33921 | 6.8 MEDIUM | Siemens CP-8031 安全漏洞 |
| CVE-2023-30757 | 6.2 MEDIUM | Siemens TIA Portal 安全漏洞 |
| CVE-2023-31238 | 5.5 MEDIUM | Siemens POWER METER SICAM 安全漏洞 |
| CVE-2023-27465 | 4.6 MEDIUM | Siemens SIMOTION 信息泄露漏洞 |
| CVE-2023-30901 | 4.3 MEDIUM | Siemens POWER METER SICAM 跨站请求伪造漏洞 |
| CVE-2023-33121 | 3.3 LOW | Siemens JT2Go 代码问题漏洞 |
| CVE-2023-33122 | 3.3 LOW | Siemens JT2Go 缓冲区错误漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-477
- CVE-2025-49217
Trend Micro Endpoint Encryption PolicyServer 安全漏洞 - CVE-2025-49216
Trend Micro Endpoint Encryption PolicyServer 安全漏洞 - CVE-2025-49214
Trend Micro Endpoint Encryption PolicyServer 安全漏洞 - CVE-2025-49213
Trend Micro Endpoint Encryption PolicyServer 安全漏洞 - CVE-2025-49212
Trend Micro Endpoint Encryption PolicyServer 安全漏洞
V. Comments for CVE-2023-28829
No comments yet