PT-2023-3372 · Siemens · Simotion D410-2 Dp+6
Published: 2023-06-13 · Updated: 2023-07-05 · CVE-2023-27465
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SIMOTION C240 versions 5.4 through 5.5 SP1
SIMOTION C240 PN versions 5.4 through 5.5 SP1
SIMOTION D410-2 DP versions 5.4 through 5.5 SP1
SIMOTION D410-2 DP/PN versions 5.4 through 5.5 SP1
SIMOTION D425-2 DP versions 5.4 through 5.5 SP1
SIMOTION D425-2 DP/PN versions 5.4 through 5.5 SP1
SIMOTION D435-2 DP versions 5.4 through 5.5 SP1
SIMOTION D435-2 DP/PN versions 5.4 through 5.5 SP1
SIMOTION D445-2 DP/PN versions 5.4 and later
SIMOTION D455-2 DP/PN versions 5.4 through 5.5 SP1
SIMOTION P320-4 E versions 5.4 and later
SIMOTION P320-4 S versions 5.4 and later
Description
When the device is operated with Security Level Low, certain services relevant for debugging are not protected. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. The root cause is the absence of protection for service data, which may give an attacker unauthorized access to protected information.
Recommendations
For SIMOTION C240 versions 5.4 through 5.5 SP1, consider disabling the debugging services when not in use to minimize the risk of exploitation.
For SIMOTION C240 PN versions 5.4 through 5.5 SP1, restrict access to the device when operated with Security Level Low.
For SIMOTION D410-2 DP versions 5.4 through 5.5 SP1, avoid using the device for sensitive operations until a fix is available.
For SIMOTION D410-2 DP/PN versions 5.4 through 5.5 SP1, limit access to the device's configuration data.
For SIMOTION D425-2 DP versions 5.4 through 5.5 SP1, consider implementing additional security measures to protect the technology object configuration.
For SIMOTION D425-2 DP/PN versions 5.4 through 5.5 SP1, restrict access to the device's services.
For SIMOTION D435-2 DP versions 5.4 through 5.5 SP1, avoid using the device with Security Level Low.
For SIMOTION D435-2 DP/PN versions 5.4 through 5.5 SP1, consider disabling the vulnerable services.
For SIMOTION D445-2 DP/PN versions 5.4 and later, restrict access to the device's configuration data.
For SIMOTION D455-2 DP/PN versions 5.4 through 5.5 SP1, limit access to the device's services.
For SIMOTION P320-4 E versions 5.4 and later, consider implementing additional security measures to protect the technology object configuration.
For SIMOTION P320-4 S versions 5.4 and later, avoid using the device for sensitive operations until a fix is available.
Fix
Information Disclosure
Related Identifiers
Affected Products
Simotion C240
Simotion D410-2 Dp
Simotion D425-2 Dp
Simotion D435-2 Dp
Simotion D445-2 Dp/Pn
Simotion D455-2 Dp/Pn
Simotion P320-4 E