PT-2023-7783 · Siemens · Simatic Cp 1543Sp-1+12
Published 2023-12-12 · Updated 2024-06-11 · CVE-2023-38380
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 1242-7 V2 versions prior to V3.4.29
SIMATIC CP 1243-1 versions prior to V3.4.29
SIMATIC CP 1243-1 DNP3 versions prior to V3.4.29
SIMATIC CP 1243-1 IEC versions prior to V3.4.29
SIMATIC CP 1243-7 LTE versions prior to V3.4.29
SIMATIC CP 1243-8 IRC versions prior to V3.4.29
SIMATIC CP 1542SP-1 versions prior to V2.3
SIMATIC CP 1542SP-1 IRC versions prior to V2.3
SIMATIC CP 1543-1 versions prior to V3.0.37
SIMATIC CP 1543SP-1 versions prior to V2.3
SINAMICS S210 versions 6.1 through 6.1 before HF2
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions prior to V2.3
SIPLUS ET 200SP CP 1543SP-1 ISEC versions prior to V2.3
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions prior to V2.3
SIPLUS NET CP 1543-1 versions prior to V3.0.37
Description
The web server implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this issue to cause a denial-of-service condition in the web server of the affected product.
Recommendations
For SIMATIC CP 1242-7 V2 versions prior to V3.4.29, update to version V3.4.29 or later.
For SIMATIC CP 1243-1 versions prior to V3.4.29, update to version V3.4.29 or later.
For SIMATIC CP 1243-1 DNP3 versions, apply the recommended fix from the manufacturer.
For SIMATIC CP 1243-1 IEC versions prior to V3.4.29, update to version V3.4.29 or later.
For SIMATIC CP 1243-7 LTE versions prior to V3.4.29, update to version V3.4.29 or later.
For SIMATIC CP 1243-8 IRC versions prior to V3.4.29, update to version V3.4.29 or later.
For SIMATIC CP 1542SP-1 versions prior to V2.3, update to version V2.3 or later.
For SIMATIC CP 1542SP-1 IRC versions prior to V2.3, update to version V2.3 or later.
For SIMATIC CP 1543-1 versions prior to V3.0.37, update to version V3.0.37 or later.
For SIMATIC CP 1543SP-1 versions prior to V2.3, update to version V2.3 or later.
For SINAMICS S210 versions 6.1 through 6.1 before HF2, apply the HF2 update.
For SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions prior to V2.3, update to version V2.3 or later.
For SIPLUS ET 200SP CP 1543SP-1 ISEC versions prior to V2.3, update to version V2.3 or later.
For SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions prior to V2.3, update to version V2.3 or later.
For SIPLUS NET CP 1543-1 versions prior to V3.0.37, update to version V3.0.37 or later.
Fix
Memory Leak
Affected Products
Simatic Cp 1242-7 V2
Simatic Cp 1243-1
Simatic Cp 1243-1 Dnp3
Simatic Cp 1243-1 Iec
Simatic Cp 1243-7 Lte Us
Simatic Cp 1243-8 Irc
Simatic Cp 1542Sp-1 Irc
Simatic Cp 1543Sp-1
Sinamics S210
Siplus Et 200Sp Cp 1542Sp-1 Irc Tx Rail
Siplus Et 200Sp Cp 1543Sp-1 Isec
Siplus Et 200Sp Cp 1543Sp-1 Isec Tx Rail
Siplus Net Cp 1543-1