Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens
CVE-2023-46280

6.5MEDIUM

Key Information:

Vendor

Siemens
Status
Security Configuration Tool (sct)
Simatic Automation Tool
Simatic Batch V9.1
Simatic Net Pc Software V16
Vendor
CVE Published:
14 May 2024

What is CVE-2023-46280?

An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Security Configuration Tool (SCT) 0

SIMATIC Automation Tool 0

SIMATIC BATCH V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9625...
https://cert-portal.siemens.com/productcert/html/ssa-7843...
https://cert-portal.siemens.com/productcert/html/ssa-3311...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.