PT-2023-7778 · Siemens · Opcenter Quality+4
Published: 2023-12-12 · Updated: 2024-10-08
CVE-2023-46285
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Opcenter Execution Foundation versions prior to V2407
Opcenter Quality versions prior to V2312
SIMATIC PCS neo versions prior to V4.1
SINEC NMS versions prior to V2.0 SP1
Totally Integrated Automation Portal (TIA Portal) V14
Totally Integrated Automation Portal (TIA Portal) V15.1
Totally Integrated Automation Portal (TIA Portal) V16
Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8
Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3
Description
The affected applications contain an improper input validation issue that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to the 4004/tcp endpoint. The corresponding service is auto-restarted after the crash is detected by a watchdog. This issue may be exploited by a remote attacker to cause a denial of service.
Recommendations
For Opcenter Execution Foundation versions prior to V2407, update to version V2407 or later.
For Opcenter Quality versions prior to V2312, update to version V2312 or later.
For SIMATIC PCS neo versions prior to V4.1, update to version V4.1 or later.
For SINEC NMS versions prior to V2.0 SP1, update to version V2.0 SP1 or later.
For Totally Integrated Automation Portal (TIA Portal) V14, consider upgrading to a later version with the necessary security fixes.
For Totally Integrated Automation Portal (TIA Portal) V15.1, consider upgrading to a later version with the necessary security fixes.
For Totally Integrated Automation Portal (TIA Portal) V16, consider upgrading to a later version with the necessary security fixes.
For Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8, update to V17 Update 8 or later.
For Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3, update to V18 Update 3 or later.
As a temporary workaround, consider restricting access to the 4004/tcp endpoint to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Opcenter Execution Foundation
Opcenter Quality
SIMATIC PCS neo
SINEC NMS
Totally Integrated Automation Portal