First published: Tue May 14 2024
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). 
The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Security Configuration Tool | All versions | |
Siemens SIMATIC Automation Tool | <5.0 SP2 | |
Siemens SIMATIC BATCH | <9.1 SP2 Upd5 | |
Siemens SIMATIC NET PC Software | <V16 Update 8 | |
Siemens SIMATIC NET PC Software V17 | All versions | |
Siemens SIMATIC NET PC Software | <V18 SP1 | |
Siemens SIMATIC NET PC Software | <V19 Update 2 | |
Siemens SIMATIC PCS 7 | <V9.1 SP2 UC05 | |
Siemens SIMATIC Process Device Manager | <V9.2 SP2 Upd3 | |
Siemens SIMATIC Route Control | <V9.1 SP2 Upd3 | |
Siemens SIMATIC S7-PCT | <V3.5 SP3 Update 6 | |
Siemens SIMATIC STEP 7 | <V5.7 SP3 | |
Siemens SIMATIC WinCC OA (Open Architecture) V3.17 | All versions | |
Siemens SIMATIC WinCC Open Architecture V3.18 | <V3.18 P025 | |
Siemens SIMATIC WinCC OA V3.19 | <V3.19 P010 | |
Siemens SIMATIC WinCC Runtime Advanced | <V17 Update 8 | |
Siemens SIMATIC WinCC Runtime Professional | <V16 Update 6 | |
Siemens SIMATIC WinCC Runtime Professional V17 | <V17 Update 8 | |
Siemens SIMATIC WinCC Runtime Professional | <V18 Update 4 | |
Siemens SIMATIC WinCC Runtime Professional | <V19 Update 2 | |
Siemens SIMATIC WinCC V7.4 | All versions | |
Siemens SIMATIC WinCC V7.5 | <V7.5 SP2 Update 17 | |
Siemens SIMATIC WinCC V8.0 | <V8.0 Update 5 | |
Siemens SINAMICS Startdrive | <V19 SP1 | |
Siemens SINEC NMS | <V3.0 | |
Siemens SINEC NMS | <V3.0 SP1 | |
Siemens SINUMERIK ONE Virtual | <V6.23 | |
Siemens SINUMERIK PLC Programming Tool | <V3.3.12 | |
Siemens TIA Portal Cloud Connector | <V2.0 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V15.1 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V16 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V17 Update 8 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V18 Update 4 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V19 Update 2 | |