CVE-2023-28827: Null Pointer Dereference
First published: Tue Sep 10 2024(Updated: )
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. This could allow a remote attacker to cause a denial of service condition in the system.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SIMATIC NET CP 1242-7 | <3.5.20 | |
| Siemens Simatic Net CP 1243-1 | <3.5.20 | |
| Siemens Simatic Net CP 1243-1 | <3.5.20 | |
| siemens simatic cp 1243-1 | <3.5.20 | |
| Siemens SIMATIC CP 1243-7 LTE EU Firmware | <3.5.20 | |
| Siemens Simatic Net CP 1243-8 IRC Firmware | <3.5.20 | |
| Siemens SIMATIC HMI Comfort Panel | <= | |
| Siemens SIMATIC IPC DiagBase Firmware | <= | |
| siemens SIMATIC IPC DiagMonitor firmware | <= | |
| Siemens SIMATIC WinCC Runtime Advanced | <= | |
| Siemens Simatic TIM 1531 IRC Firmware | <2.4.8 | |
| Siemens TIM 1531 IRC Firmware | <2.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-28827?
CVE-2023-28827 has been classified as a high severity vulnerability.
How do I fix CVE-2023-28827?
To fix CVE-2023-28827, update affected Siemens devices to versions 3.5.20 or later.
What products are affected by CVE-2023-28827?
CVE-2023-28827 affects various Siemens products including SIMATIC CP 1242-7, SIMATIC CP 1243-1, and their SIPLUS variants.
What types of vulnerabilities are included in CVE-2023-28827?
CVE-2023-28827 includes vulnerabilities that could allow unauthorized access to the affected SIMATIC devices.
When was CVE-2023-28827 disclosed?
CVE-2023-28827 was disclosed as part of ongoing security assessments by Siemens and relevant authorities.
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens simatic net cp 1242-7
- canonical/siemens simatic net cp 1243-1
- canonical/siemens simatic cp 1243-1
- canonical/siemens simatic cp 1243-7 lte eu firmware
- canonical/siemens simatic net cp 1243-8 irc firmware
- canonical/siemens simatic hmi comfort panel
- canonical/siemens simatic ipc diagbase firmware
- canonical/siemens simatic ipc diagmonitor firmware
- canonical/siemens simatic wincc runtime advanced
- canonical/siemens simatic tim 1531 irc firmware
- canonical/siemens tim 1531 irc firmware