PT-2023-4034 · Siemens · Simatic Mv550 H+2

Published: 2023-06-20 · Updated: 2023-07-19 · CVE-2023-35921

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SIMATIC MV540 H versions prior to V3.3.4
SIMATIC MV540 S versions prior to V3.3.4
SIMATIC MV550 H versions prior to V3.3.4
SIMATIC MV550 S versions prior to V3.3.4
SIMATIC MV560 U versions prior to V3.3.4
SIMATIC MV560 X versions prior to V3.3.4

Description

The issue is uncontrolled resource consumption when processing Ethernet frames. A remote attacker could cause a denial of service condition by sending specially crafted Ethernet frames to the devices. Affected devices cannot properly process these frames and must be restarted manually.

Recommendations

For SIMATIC MV540 H versions prior to V3.3.4, update to version V3.3.4 or later.
For SIMATIC MV540 S versions prior to V3.3.4, update to version V3.3.4 or later.
For SIMATIC MV550 H versions prior to V3.3.4, update to version V3.3.4 or later.
For SIMATIC MV550 S versions prior to V3.3.4, update to version V3.3.4 or later.
For SIMATIC MV560 U versions prior to V3.3.4, update to version V3.3.4 or later.
For SIMATIC MV560 X versions prior to V3.3.4, update to version V3.3.4 or later.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-04332
CVE-2023-35921

Affected Products

Simatic Mv540 S
Simatic Mv550 H
Simatic Mv560 X