CVE-2023-37195

Name of the Vulnerable Software and Affected Versions SIMATIC CP 1604 versions all SIMATIC CP 1616 versions all SIMATIC CP 1623 versions all SIMATIC CP 1626 versions all SIMATIC CP 1628 versions all

Description The issue is related to insufficient control of access to memory DMA, which could allow an attacker to cause a denial of service situation on the host. This can be exploited by local attackers with administrative privileges. A physical power cycle is required to restore system functionality.

Recommendations For SIMATIC CP 1604, consider restricting access to the DMA mapping functionality until a patch is available. For SIMATIC CP 1616, avoid using administrative privileges for local attackers to minimize the risk of exploitation. For SIMATIC CP 1623, restrict the use of continuous DMA requests to prevent denial of service situations. For SIMATIC CP 1626, disable the DMA mapping feature temporarily to prevent exploitation. For SIMATIC CP 1628, limit local access to the system to prevent attackers with administrative privileges from causing a denial of service.