Back

CVE-2023-46280

May 14, 2024, 7:18 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

S7-PCT

  • All versions

Security Configuration Tool (SCT)

  • All versions

SIMATIC Automation Tool

  • All versions

SIMATIC BATCH V9.1

  • All versions

SIMATIC NET PC Software

  • All versions

SIMATIC PCS 7 V9.1

  • All versions

SIMATIC PDM V9.2

  • All versions

SIMATIC Route Control V9.1

  • All versions

SIMATIC STEP 7 V5

  • All versions

SIMATIC WinCC OA V3.17

  • All versions

SIMATIC WinCC OA V3.18

  • All versions < V3.18 P025

SIMATIC WinCC OA V3.19

  • All versions < V3.19 P010

SIMATIC WinCC Runtime Advanced

  • All versions

SIMATIC WinCC Runtime Professional V16

  • All versions

SIMATIC WinCC Runtime Professional V17

  • All versions

SIMATIC WinCC Runtime Professional V18

  • All versions

SIMATIC WinCC Runtime Professional V19

  • All versions

SIMATIC WinCC Unified PC Runtime

  • All versions

SIMATIC WinCC V7.4

  • All versions

SIMATIC WinCC V7.5

  • All versions

SIMATIC WinCC V8.0

  • All versions

SINAMICS Startdrive

  • All versions < V19 SP1

SINUMERIK ONE virtual

  • All versions < V6.23

SINUMERIK PLC Programming Tool

  • All versions

TIA Portal Cloud Connector

  • All versions < V2.0

Totally Integrated Automation Portal (TIA Portal) V15.1

  • All versions

Totally Integrated Automation Portal (TIA Portal) V16

  • All versions

Totally Integrated Automation Portal (TIA Portal) V17

  • All versions

Totally Integrated Automation Portal (TIA Portal) V18

  • All versions

Totally Integrated Automation Portal (TIA Portal) V19

  • All versions < V19 Update 2

SIMATIC BATCH

  • V9.1
  • All versions

SIMATIC PCS 7

  • V9.1
  • All versions

SIMATIC PDM

  • V9.2
  • All versions

SIMATIC Route Control

  • V9.1
  • All versions

SIMATIC STEP 7

  • V5
  • All versions

SIMATIC WinCC OA

  • V3.17
  • V3.18
  • < V3.18 P025
  • V3.19
  • < V3.19 P010

SIMATIC WinCC Runtime Professional

  • V16
  • V17
  • V18
  • V19
  • All versions

SIMATIC WinCC

  • V7.4
  • V7.5
  • V8.0
  • All versions

SINAMICS Startdrive

  • < V19 SP1
  • All versions

SINUMERIK ONE virtual

  • < V6.23
  • All versions

TIA Portal Cloud Connector

  • < V2.0
  • All versions

Totally Integrated Automation Portal (TIA Portal)

  • V15.1
  • V16
  • V17
  • V18
  • < V19 Update 2
  • All versions

Source

productcert@siemens.com

Tags

CWE-125
2024-05-14
CVE-2023-46280
productcert@siemens.com

CVE-2023-46280 details

Published : May 14, 2024, 4:15 p.m.
Last Modified : May 14, 2024, 7:18 p.m.

Description

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

CVSS Score

1 2 3 4 5 6.5 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References

URL Source
https://cert-portal.siemens.com/productcert/html/ssa-962515.html productcert@siemens.com
This website uses the NVD API, but is not approved or certified by it.