Remote Procedure Call Vulnerability in OpenPCS and SIMATIC Products by Siemens
CVE-2023-48364

6.5MEDIUM

Key Information:

Vendor

Siemens
Status
Openpcs 7 V9.1
Simatic Batch V9.1
Simatic Pcs 7 V9.1
Simatic Route Control V9.1
Vendor
CVE Published:
13 February 2024

What is CVE-2023-48364?

A vulnerability exists in certain Siemens OpenPCS and SIMATIC products due to improper handling of malformed Remote Procedure Call (RPC) messages. This oversight could allow an attacker to exploit the vulnerability, leading to a denial of service condition in the RPC server, thereby impacting the availability and functionality of the affected systems. It is crucial for users to apply the updates provided by Siemens to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenPCS 7 V9.1 All versions < V9.1 SP2 UC05

SIMATIC BATCH V9.1 All versions < V9.1 SP2 UC05

SIMATIC PCS 7 V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7537...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.