Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens
CVE-2023-46280

8.2HIGH

Key Information:

Vendor: Siemens
Status: Security Configuration Tool (sct); Simatic Automation Tool; Simatic Batch V9.1; Simatic Net Pc Software V16
Vendor: CVE Published:; 14 May 2024

What is CVE-2023-46280?

An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.

Affected Version(s)

Security Configuration Tool (SCT) 0

SIMATIC Automation Tool 0

SIMATIC BATCH V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9625...

https://cert-portal.siemens.com/productcert/html/ssa-7843...

https://cert-portal.siemens.com/productcert/html/ssa-3311...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Oct 20, 2023

CVE-2023-46280 Data

JSON