CVE-2023-52891
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Energy Manager Basic | <7.5 | |
| Siemens Simatic Energy Manager Pro | <7.5 | |
| Siemens SIMATIC IPC DiagBase Firmware | ||
| siemens SIMATIC IPC DiagMonitor firmware | ||
| Siemens SIMIT V10 | ||
| Siemens SIMIT | <11.1 | |
| Unified Automation .NET based OPC UA Server SDK | <3.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-52891?
CVE-2023-52891 is classified as a high-severity vulnerability.
How do I fix CVE-2023-52891?
To remediate CVE-2023-52891, upgrade the affected software to version 7.5 or later for SIMATIC Energy Manager Basic and PRO, and to version 11.1 for SIMIT V11.
Which products are affected by CVE-2023-52891?
CVE-2023-52891 affects Siemens SIMATIC Energy Manager Basic, SIMATIC Energy Manager PRO, SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor, and SIMIT versions older than specified.
Is CVE-2023-52891 a remote vulnerability?
Yes, CVE-2023-52891 can potentially be exploited remotely.
What could happen if I do not address CVE-2023-52891?
If CVE-2023-52891 is not addressed, it could lead to unauthorized access and impact the integrity and availability of the affected systems.
- agent/weakness
- agent/type
- agent/references
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens simatic energy manager basic
- canonical/siemens simatic energy manager pro
- canonical/siemens simatic ipc diagbase firmware
- canonical/siemens simatic ipc diagmonitor firmware
- canonical/siemens simit v10
- canonical/siemens simit
- vendor/unified automation
- canonical/unified automation .net based opc ua server sdk