← voltar
CVE-2023-46280

CVE-2023-46280

CVSS 8.2 HIGHEPSS 0.3%CWE-125
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Produtos afetados
Siemens · Security Configuration Tool (SCT)Siemens · SIMATIC Automation ToolSiemens · SIMATIC BATCH V9.1Siemens · SIMATIC NET PC Software V16Siemens · SIMATIC NET PC Software V17Siemens · SIMATIC NET PC Software V18Siemens · SIMATIC NET PC Software V19Siemens · SIMATIC PCS 7 V9.1Siemens · SIMATIC PDM V9.2Siemens · SIMATIC Route Control V9.1Siemens · SIMATIC S7-PCTSiemens · SIMATIC STEP 7 V5Siemens · SIMATIC WinCC OA V3.17Siemens · SIMATIC WinCC OA V3.18Siemens · SIMATIC WinCC OA V3.19Siemens · SIMATIC WinCC Runtime AdvancedSiemens · SIMATIC WinCC Runtime Professional V16Siemens · SIMATIC WinCC Runtime Professional V17Siemens · SIMATIC WinCC Runtime Professional V18Siemens · SIMATIC WinCC Runtime Professional V19Siemens · SIMATIC WinCC V7.4Siemens · SIMATIC WinCC V7.5Siemens · SIMATIC WinCC V8.0Siemens · SINAMICS StartdriveSiemens · SINEC NMSSiemens · SINUMERIK ONE virtualSiemens · SINUMERIK PLC Programming ToolSiemens · TIA Portal Cloud ConnectorSiemens · Totally Integrated Automation Portal (TIA Portal) V15.1Siemens · Totally Integrated Automation Portal (TIA Portal) V16Siemens · Totally Integrated Automation Portal (TIA Portal) V17Siemens · Totally Integrated Automation Portal (TIA Portal) V18Siemens · Totally Integrated Automation Portal (TIA Portal) V19

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert-portal.siemens.com/productcert/html/ssa-331112.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-784301.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-962515.html