PT-2023-3371 · Siemens · SIMATIC S7-PM +2
Thomas Riedmaier · Published 2023-06-13 · Updated 2024-05-14 · CVE-2023-25910
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC PCS 7 versions prior to V9.1 SP2 UC04
SIMATIC S7-PM versions prior to V5.7 SP1 HF1
SIMATIC S7-PM versions prior to V5.7 SP2 HF1
SIMATIC STEP 7 V5 versions prior to V5.7
Description
The affected products contain a database management system that could allow remote users with low privileges to use embedded functions of the database, potentially impacting the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges on the database management system's server. The underlying weakness is improper control of code generation (code injection).
Recommendations
For SIMATIC PCS 7 versions prior to V9.1 SP2 UC04, update to V9.1 SP2 UC04 or later.
For SIMATIC S7-PM versions prior to V5.7 SP1 HF1, update to V5.7 SP1 HF1 or later.
For SIMATIC S7-PM versions prior to V5.7 SP2 HF1, update to V5.7 SP2 HF1 or later.
For SIMATIC STEP 7 V5 versions prior to V5.7, update to V5.7 or later.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
SIMATIC PCS 7
SIMATIC S7-PM
SIMATIC STEP 7 V5