Today > | 13 High | 31 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-46280

May 14, 2024, 7:18 p.m.

Tags

CWE-125
2024-05-14
CVE-2023-46280
productcert@siemens.com

CVSS Score

6.5 / 10

Product(s) Impacted

S7-PCT

  • All versions

Security Configuration Tool (SCT)

  • All versions

SIMATIC Automation Tool

  • All versions

SIMATIC BATCH V9.1

  • All versions

SIMATIC NET PC Software

  • All versions

SIMATIC PCS 7 V9.1

  • All versions

SIMATIC PDM V9.2

  • All versions

SIMATIC Route Control V9.1

  • All versions

SIMATIC STEP 7 V5

  • All versions

SIMATIC WinCC OA V3.17

  • All versions

SIMATIC WinCC OA V3.18

  • All versions < V3.18 P025

SIMATIC WinCC OA V3.19

  • All versions < V3.19 P010

SIMATIC WinCC Runtime Advanced

  • All versions

SIMATIC WinCC Runtime Professional V16

  • All versions

SIMATIC WinCC Runtime Professional V17

  • All versions

SIMATIC WinCC Runtime Professional V18

  • All versions

SIMATIC WinCC Runtime Professional V19

  • All versions

SIMATIC WinCC Unified PC Runtime

  • All versions

SIMATIC WinCC V7.4

  • All versions

SIMATIC WinCC V7.5

  • All versions

SIMATIC WinCC V8.0

  • All versions

SINAMICS Startdrive

  • All versions < V19 SP1

SINUMERIK ONE virtual

  • All versions < V6.23

SINUMERIK PLC Programming Tool

  • All versions

TIA Portal Cloud Connector

  • All versions < V2.0

Totally Integrated Automation Portal (TIA Portal) V15.1

  • All versions

Totally Integrated Automation Portal (TIA Portal) V16

  • All versions

Totally Integrated Automation Portal (TIA Portal) V17

  • All versions

Totally Integrated Automation Portal (TIA Portal) V18

  • All versions

Totally Integrated Automation Portal (TIA Portal) V19

  • All versions < V19 Update 2

SIMATIC BATCH

  • V9.1
  • All versions

SIMATIC PCS 7

  • V9.1
  • All versions

SIMATIC PDM

  • V9.2
  • All versions

SIMATIC Route Control

  • V9.1
  • All versions

SIMATIC STEP 7

  • V5
  • All versions

SIMATIC WinCC OA

  • V3.17
  • V3.18
  • < V3.18 P025
  • V3.19
  • < V3.19 P010

SIMATIC WinCC Runtime Professional

  • V16
  • V17
  • V18
  • V19
  • All versions

SIMATIC WinCC

  • V7.4
  • V7.5
  • V8.0
  • All versions

SINAMICS Startdrive

  • < V19 SP1
  • All versions

SINUMERIK ONE virtual

  • < V6.23
  • All versions

TIA Portal Cloud Connector

  • < V2.0
  • All versions

Totally Integrated Automation Portal (TIA Portal)

  • V15.1
  • V16
  • V17
  • V18
  • < V19 Update 2
  • All versions

Description

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

Weaknesses

Date

Published: May 14, 2024, 4:15 p.m.

Last Modified: May 14, 2024, 7:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
6.5
Exploitability Score
Impact Score
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References

https://cert-portal.siemens.com/ productcert@siemens.com