Remote Procedure Call Vulnerability in OpenPCS and SIMATIC Products by Siemens
CVE-2023-48364

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Openpcs 7 V9.1; Simatic Batch V9.1; Simatic Pcs 7 V9.1; Simatic Route Control V9.1
Vendor: CVE Published:; 13 February 2024

What is CVE-2023-48364?

A vulnerability exists in certain Siemens OpenPCS and SIMATIC products due to improper handling of malformed Remote Procedure Call (RPC) messages. This oversight could allow an attacker to exploit the vulnerability, leading to a denial of service condition in the RPC server, thereby impacting the availability and functionality of the affected systems. It is crucial for users to apply the updates provided by Siemens to mitigate potential risks associated with this vulnerability.

Affected Version(s)

OpenPCS 7 V9.1 All versions < V9.1 SP2 UC05

SIMATIC BATCH V9.1 All versions < V9.1 SP2 UC05

SIMATIC PCS 7 V9.1 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7537...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Nov 15, 2023