Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens
CVE-2023-46280

6.5MEDIUM

Key Information:

Vendor
Siemens
Status
Security Configuration Tool (sct)
Simatic Automation Tool
Simatic Batch V9.1
Simatic Net Pc Software V16
Vendor
CVE Published:
14 May 2024

Summary

An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.

Affected Version(s)

Security Configuration Tool (SCT) 0

SIMATIC Automation Tool 0

SIMATIC BATCH V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9625...
https://cert-portal.siemens.com/productcert/html/ssa-7843...
https://cert-portal.siemens.com/productcert/html/ssa-3311...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.