Denial of Service Vulnerability in SIMATIC MV540 and MV550 Products by Siemens
CVE-2023-36521

8.6HIGH

Key Information:

Vendor: Siemens
Status: Simatic Mv540 H; Simatic Mv540 S; Simatic Mv550 H; Simatic Mv550 S
Vendor: CVE Published:; 11 July 2023

Summary

A vulnerability has been identified in several Siemens SIMATIC products, including the MV540 and MV550 series, where the result synchronization server may allow attackers to trigger a denial of service. This vulnerability affects all versions prior to V3.3.4. When the result server is enabled, malicious actors could exploit this flaw to disrupt all socket-based communications within the affected systems, severely impacting operational integrity.

Affected Version(s)

SIMATIC MV540 H All versions < V3.3.4

SIMATIC MV540 S All versions < V3.3.4

SIMATIC MV550 H All versions < V3.3.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-56132...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 22, 2023