Remote Procedure Call Vulnerability in Siemens OpenPCS and SIMATIC Products
CVE-2023-48363

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Openpcs 7 V9.1; Simatic Batch V9.1; Simatic Pcs 7 V9.1; Simatic Route Control V9.1
Vendor: CVE Published:; 13 February 2024

What is CVE-2023-48363?

A vulnerability exists in certain versions of Siemens OpenPCS and SIMATIC products due to improper handling of specific unorganized Remote Procedure Call (RPC) messages. This flaw can be exploited by an attacker to trigger a denial of service condition in the RPC server, potentially disrupting operations across affected systems. Timely updates to the latest service packs are recommended to mitigate this risk.

Affected Version(s)

OpenPCS 7 V9.1 All versions < V9.1 SP2 UC05

SIMATIC BATCH V9.1 All versions < V9.1 SP2 UC05

SIMATIC PCS 7 V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7537...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Nov 15, 2023