Denial of Service Vulnerability in Siemens SIMATIC Products
CVE-2023-30755

4.4 MEDIUM

Summary

A vulnerability in a range of Siemens SIMATIC devices affects how the integrated web server processes shutdown and reboot requests. This improper handling can result in certain resources not being correctly cleaned up. An attacker with elevated privileges could exploit this vulnerability remotely, potentially causing a denial of service condition that disrupts the normal operation of the affected systems. Organizations using these products should assess their security posture in relation to this vulnerability and implement appropriate measures to mitigate the associated risks.

Affected Version(s)

SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) 0

SIMATIC CP 1243-1 (incl. SIPLUS variants) 0

SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) 0

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
