Code Execution Vulnerability in Siemens SIMATIC Devices
CVE-2023-37194

6.7MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cp 1604; Simatic Cp 1616; Simatic Cp 1623; Simatic Cp 1626
Vendor: CVE Published:; 10 October 2023

Summary

A significant vulnerability has been discovered in various Siemens SIMATIC devices, which exposes the kernel memory to user-mode through direct memory access (DMA). This exposure allows an attacker with administrative privileges to potentially execute arbitrary code on the host system. This poses a serious risk as it could lead to unauthorized system control and compromise the integrity of the device.

Affected Version(s)

SIMATIC CP 1604 All versions

SIMATIC CP 1616 All versions

SIMATIC CP 1623 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-78484...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jun 28, 2023