CVE-2023-46280
May 14, 2024, 7:18 p.m.
6.5
Medium
Description
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
Product(s) Impacted
| Product | Versions |
|---|---|
| S7-PCT |
|
| Security Configuration Tool (SCT) |
|
| SIMATIC Automation Tool |
|
| SIMATIC BATCH V9.1 |
|
| SIMATIC NET PC Software |
|
| SIMATIC PCS 7 V9.1 |
|
| SIMATIC PDM V9.2 |
|
| SIMATIC Route Control V9.1 |
|
| SIMATIC STEP 7 V5 |
|
| SIMATIC WinCC OA V3.17 |
|
| SIMATIC WinCC OA V3.18 |
|
| SIMATIC WinCC OA V3.19 |
|
| SIMATIC WinCC Runtime Advanced |
|
| SIMATIC WinCC Runtime Professional V16 |
|
| SIMATIC WinCC Runtime Professional V17 |
|
| SIMATIC WinCC Runtime Professional V18 |
|
| SIMATIC WinCC Runtime Professional V19 |
|
| SIMATIC WinCC Unified PC Runtime |
|
| SIMATIC WinCC V7.4 |
|
| SIMATIC WinCC V7.5 |
|
| SIMATIC WinCC V8.0 |
|
| SINAMICS Startdrive |
|
| SINUMERIK ONE virtual |
|
| SINUMERIK PLC Programming Tool |
|
| TIA Portal Cloud Connector |
|
| Totally Integrated Automation Portal (TIA Portal) V15.1 |
|
| Totally Integrated Automation Portal (TIA Portal) V16 |
|
| Totally Integrated Automation Portal (TIA Portal) V17 |
|
| Totally Integrated Automation Portal (TIA Portal) V18 |
|
| Totally Integrated Automation Portal (TIA Portal) V19 |
|
| SIMATIC BATCH |
|
| SIMATIC PCS 7 |
|
| SIMATIC PDM |
|
| SIMATIC Route Control |
|
| SIMATIC STEP 7 |
|
| SIMATIC WinCC OA |
|
| SIMATIC WinCC Runtime Professional |
|
| SIMATIC WinCC |
|
| SINAMICS Startdrive |
|
| SINUMERIK ONE virtual |
|
| TIA Portal Cloud Connector |
|
| Totally Integrated Automation Portal (TIA Portal) |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: CHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Timeline
Published: May 14, 2024, 4:15 p.m.
Last Modified: May 14, 2024, 7:18 p.m.
Last Modified: May 14, 2024, 7:18 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
productcert@siemens.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.