N/A

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.

N/A

N/A

Siemens多款产品 权限许可和访问控制问题漏洞

Siemens SIMATIC ET 200AL等都是德国西门子（Siemens）公司的产品。SIMATIC ET 200AL是一款分布式I/O系统模块。SIMATIC ET 200M是一款用于高密度通道应用的控制柜的模块化I/O系统模块。Siemens SIMATIC S7-300 F是一款过程控制器。 多款Siemens SIMATIC产品中存在安全漏洞。远程攻击者可借助TCP 102端口上的会话利用该漏洞获取管理员访问权限。以下产品及版本受到影响：Siemens SIMATIC CP 343-1 A

N/A

N/A