What is the severity of CVE-2023-37194?

The severity of CVE-2023-37194 is medium with a severity value of 6.7.

What is the vulnerability in CVE-2023-37194?

The vulnerability in CVE-2023-37194 is that the kernel memory of affected devices is exposed to user-mode via direct memory access (DMA).

How can I fix CVE-2023-37194?

Siemens has released a firmware update to fix CVE-2023-37194. Please refer to the Siemens product security advisory for more information.

Vulnerability/
CVE-2023-37194

medium

6.7

CWE

284

10/10/2023

16/10/2023

CVE-2023-37194

First published: Tue Oct 10 2023(Updated: )

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Simatic Cp 1604 Firmware
Siemens Simatic Cp 1604
Siemens Simatic Cp 1616 Firmware
Siemens Simatic Cp 1616
Siemens Simatic Cp 1623 Firmware
Siemens Simatic Cp 1623
Siemens Simatic Cp 1626 Firmware
Siemens Simatic Cp 1626
Siemens Simatic Cp 1628 Firmware
Siemens Simatic Cp 1628

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf

Frequently Asked Questions

What is the severity of CVE-2023-37194?
The severity of CVE-2023-37194 is medium with a severity value of 6.7.
Which software versions are affected by CVE-2023-37194?
SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions) are affected by CVE-2023-37194.
What is the vulnerability in CVE-2023-37194?
The vulnerability in CVE-2023-37194 is that the kernel memory of affected devices is exposed to user-mode via direct memory access (DMA).
How can I fix CVE-2023-37194?
Siemens has released a firmware update to fix CVE-2023-37194. Please refer to the Siemens product security advisory for more information.

collector/nvd-api
collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/siemens
canonical/siemens simatic cp 1604 firmware
canonical/siemens simatic cp 1604
canonical/siemens simatic cp 1616 firmware
canonical/siemens simatic cp 1616
canonical/siemens simatic cp 1623 firmware
canonical/siemens simatic cp 1623
canonical/siemens simatic cp 1626 firmware
canonical/siemens simatic cp 1626
canonical/siemens simatic cp 1628 firmware
canonical/siemens simatic cp 1628

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.