Out of Bounds Write Vulnerability in Siemens Automation Products
CVE-2023-46284
7.5 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 12 December 2023
Summary
An out-of-bounds write vulnerability exists in various Siemens automation products, including Opcenter Execution Foundation and the Totally Integrated Automation Portal. It arises when specific requests are processed on TCP ports 4002 and 4004, and can lead to an application crash. The affected services are designed to restart automatically after a crash, which may allow an attacker to exploit the application further. Updating to the latest versions in a timely manner is crucial for mitigating this risk.
Affected Version(s)
Opcenter Execution Foundation 0
Opcenter Quality 0
SIMATIC PCS neo 0
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved