PT-2023-7780 · Siemens · Opcenter Quality+4

Published 2023-12-12 · Updated 2024-10-08 · CVE-2023-46284

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Opcenter Execution Foundation versions prior to V2407
Opcenter Quality versions prior to V2312
SIMATIC PCS neo versions prior to V4.1
SINEC NMS versions prior to V2.0 SP1
Totally Integrated Automation Portal (TIA Portal) V14
Totally Integrated Automation Portal (TIA Portal) V15.1
Totally Integrated Automation Portal (TIA Portal) V16
Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8
Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3

Description

The affected applications contain a vulnerability that allows an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application, resulting in a denial of service. The corresponding service is auto-restarted after the crash. The issue is related to a buffer copy without checking the size of the input data, which can be exploited by a remote attacker.

Recommendations

For Opcenter Execution Foundation versions prior to V2407, update to version V2407 or later.
For Opcenter Quality versions prior to V2312, update to version V2312 or later.
For SIMATIC PCS neo versions prior to V4.1, update to version V4.1 or later.
For SINEC NMS versions prior to V2.0 SP1, update to version V2.0 SP1 or later.
For Totally Integrated Automation Portal (TIA Portal) V14, consider upgrading to a later version with the fix.
For Totally Integrated Automation Portal (TIA Portal) V15.1, consider upgrading to a later version with the fix.
For Totally Integrated Automation Portal (TIA Portal) V16, consider upgrading to a later version with the fix.
For Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8, update to V17 Update 8 or later.
For Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 3, update to V18 Update 3 or later.

As a temporary workaround, consider restricting access to ports 4002/tcp and 4004/tcp to minimize the risk of exploitation.
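The version thresholds above can be applied to a software inventory with a short triage script. This is an added example, not vendor tooling: the function names, the sample inventory and the assumed version string layout ("V<major>[.<minor>] [SP<n>] [Update <n>]") are illustrative assumptions, while the thresholds are taken from the lists above.

```python
import re

# Thresholds transcribed from the advisory text above. None = the page names no
# fixed release for that TIA Portal line (it advises moving to a later version).
FIXED = {
    "opcenter execution foundation": "V2407",
    "opcenter quality": "V2312",
    "simatic pcs neo": "V4.1",
    "sinec nms": "V2.0 SP1",
}
TIA = "totally integrated automation portal"
TIA_FIXED = {"14": None, "15.1": None, "16": None,
             "17": "V17 Update 8", "18": "V18 Update 3"}
VERSION_RE = re.compile(
    r"V(\d+)(?:\.(\d+))?(?:\s+SP(\d+))?(?:\s+Update\s+(\d+))?", re.I)

def parse_version(text):
    """'V2.0 SP1 Update 3' -> (2, 0, 1, 3); absent parts count as 0."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Classify one entry as 'affected', 'fixed' or 'not listed'."""
    name, ver = product.casefold(), parse_version(version)
    if name == TIA:
        line = f"{ver[0]}.{ver[1]}" if ver[1] else str(ver[0])
        if line not in TIA_FIXED:
            return "not listed"      # the page says nothing about this line
        fixed = TIA_FIXED[line]
        if fixed is None:
            return "affected"        # every release of this line is listed
    elif name in FIXED:
        fixed = FIXED[name]
    else:
        return "not listed"
    return "affected" if ver < parse_version(fixed) else "fixed"

# Constructed sample inventory (product name, installed version).
INVENTORY = [
    ("Opcenter Quality", "V2306"),
    ("SINEC NMS", "V2.0 SP1"),
    ("SIMATIC PCS neo", "V4.0 SP1"),
    ("Totally Integrated Automation Portal", "V16 Update 7"),
    ("Totally Integrated Automation Portal", "V17 Update 8"),
    ("Totally Integrated Automation Portal", "V18 Update 2"),
]

if __name__ == "__main__":
    for product, version in INVENTORY:
        print(f"{triage(product, version):10}  {product} {version}")
```

Hosts classified as "affected" that cannot be updated immediately are the ones where the port 4002/tcp and 4004/tcp access restriction matters most.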

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-08847
CVE-2023-46284

Affected Products

Opcenter Execution Foundation
Opcenter Quality
SIMATIC PCS neo
SINEC NMS
Totally Integrated Automation Portal