Denial of Service Vulnerability in Siemens SIMATIC MV Series Products
CVE-2023-35920
7.5HIGH
Key Information:
- Vendor
- Siemens
- Vendor
- CVE Published:
- 11 July 2023
Summary
A vulnerability exists in the Siemens SIMATIC MV series, where the devices fail to process specifically crafted IP packets. This allows an unauthenticated remote attacker to potentially trigger a denial of service condition. For affected devices, a manual restart is required to return to normal operation. It is crucial for users to evaluate their systems and take the necessary measures to mitigate this vulnerability.
Affected Version(s)
SIMATIC MV540 H All versions < V3.3.4
SIMATIC MV540 S All versions < V3.3.4
SIMATIC MV550 H All versions < V3.3.4
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved