Denial of Service Vulnerability in Siemens SIMATIC Products
CVE-2023-28827

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cp 1242-7 V2 (incl. Siplus Variants); Simatic Cp 1243-1 (incl. Siplus Variants); Simatic Cp 1243-1 Dnp3 (incl. Siplus Variants); Simatic Cp 1243-1 Iec (incl. Siplus Variants)
Vendor: CVE Published:; 10 September 2024

Summary

A vulnerability has been found in multiple Siemens SIMATIC products due to the web server's failure to properly handle specific requests. This issue may cause a timeout in the watchdog system, leading to an unwanted cleanup of pointers. Consequently, a remote attacker could exploit this vulnerability to generate a denial of service condition, potentially disrupting operations and impacting system availability.

Affected Version(s)

SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) 0

SIMATIC CP 1243-1 (incl. SIPLUS variants) 0

SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4238...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Mar 24, 2023