CVE-2023-37482

Description

The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.

CVSS breakdown

Affected products

• Siemens / SIMATIC Drive Controller CPU 1504D TFV3.1.0 – V3.1.2
• Siemens / SIMATIC Drive Controller CPU 1507D TFV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1510SP-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1512SP-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1514SP-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1200 CPU 1211C AC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1211C DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1211C DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1212C AC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1212C DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1212C DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1212FC DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1212FC DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1214C AC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1214C DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1214C DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1214FC DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1214FC DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1215C AC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1215C DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1215C DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1215FC DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1215FC DC/DC/Rly0 – V4.7
• Siemens / SIMATIC S7-1200 CPU 1217C DC/DC/DC0 – V4.7
• Siemens / SIMATIC S7-1500 CPU 1511-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1511C-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1511F-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1511T-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1511TF-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1512C-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1513-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1513F-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1513pro-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1513pro F-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1513R-1 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1515-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1515F-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1515R-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1515T-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1515TF-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516F-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516pro-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516pro F-2 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516T-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1516TF-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1517-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1517F-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1517H-3 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1517T-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1517TF-3 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518-4 PN/DP MFPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518HF-4 PNV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518T-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 CPU 1518TF-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIMATIC S7-1500 Software Controller CPU 1507S F V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller CPU 1507S V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller CPU 1508S F V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller CPU 1508S TF V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller CPU 1508S T V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller CPU 1508S V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-1500 Software Controller Linux V3V30.1.0 – V31.1.4
• Siemens / SIMATIC S7-PLCSIM AdvancedV6.0 – V7.0
• Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1212C DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1212 DC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214 DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214 DC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214FC DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1214FC DC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1215C DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1215 DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1215 DC/DC/RLY0 – V4.7
• Siemens / SIPLUS S7-1200 CPU 1215FC DC/DC/DC0 – V4.7
• Siemens / SIPLUS S7-1500 CPU 1517H-3 PNV3.1.0 – V3.1.2
• Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIPLUS S7-1500 CPU 1518-4 PN/DP MFPV3.1.0 – V3.1.2
• Siemens / SIPLUS S7-1500 CPU 1518F-4 PN/DPV3.1.0 – V3.1.2
• Siemens / SIPLUS S7-1500 CPU 1518HF-4 PNV3.1.0 – V3.1.2

References

• MISChttps://cert-portal.siemens.com/productcert/html/ssa-195895.html