PT-2024-12339 · Siemens · Simatic Step 7 Safety and 10 other products

Published: 2024-11-12 · Updated: 2025-01-14 · CVE-2023-32736

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC S7-PLCSIM versions 16 through 17
SIMATIC S7-PLCSIM version 18
SIMATIC STEP 7 Safety versions 16 through 17
SIMATIC STEP 7 Safety version 18
SIMATIC STEP 7 versions 16 through 17
SIMATIC STEP 7 version 18
SIMATIC WinCC Unified versions 16 through 17
SIMATIC WinCC Unified version 18
SIMATIC WinCC versions 16 through 17
SIMATIC WinCC version 18
SIMOCODE ES versions 16 through 17
SIMOCODE ES version 18
SIMOTION SCOUT TIA version 5.4 SP1
SIMOTION SCOUT TIA version 5.4 SP3
SIMOTION SCOUT TIA version 5.5 SP1
SINAMICS Startdrive versions 16 through 18
SIRIUS Safety ES versions 17 through 18
SIRIUS Soft Starter ES versions 17 through 18
TIA Portal Cloud versions 16 through 17
TIA Portal Cloud version 18

Description

A vulnerability has been identified in the affected products, which do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Recommendations

For SIMATIC S7-PLCSIM versions 16 through 17, update to a version that includes the necessary security patches.
For SIMATIC S7-PLCSIM version 18, update to a version that includes the necessary security patches.
For SIMATIC STEP 7 Safety versions 16 through 17, update to version 17 Update 8 or later.
For SIMATIC STEP 7 Safety version 18, update to version 18 Update 5 or later.
For SIMATIC STEP 7 versions 16 through 17, update to version 17 Update 8 or later.
For SIMATIC STEP 7 version 18, update to version 18 Update 5 or later.
For SIMATIC WinCC Unified versions 16 through 17, update to version 17 Update 8 or later.
For SIMATIC WinCC Unified version 18, update to version 18 SP5 or later.
For SIMATIC WinCC versions 16 through 17, update to version 17 Update 8 or later.
For SIMATIC WinCC version 18, update to version 18 SP5 or later.
For SIMOCODE ES versions 16 through 17, update to version 17 Update 8 or later.
For SIMOCODE ES version 18, ensure you have the latest security patches.
For SIMOTION SCOUT TIA version 5.4 SP1, update to a version that includes the necessary security patches.
For SIMOTION SCOUT TIA version 5.4 SP3, update to a version that includes the necessary security patches.
For SIMOTION SCOUT TIA version 5.5 SP1, update to a version that includes the necessary security patches.
For SINAMICS Startdrive versions 16 through 18, update to a version that includes the necessary security patches.
For SIRIUS Safety ES versions 17 through 18, update to a version that includes the necessary security patches.
For SIRIUS Soft Starter ES versions 17 through 18, update to a version that includes the necessary security patches.
For TIA Portal Cloud versions 16 through 17, update to version 4.6.0.1 or later.
For TIA Portal Cloud version 18, update to version 4.6.1.0 or later.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2023-32736

Affected Products

Simatic S7-Plcsim
Simatic Step 7
Simatic Step 7 Safety
Simatic Wincc
Simatic Wincc Unified
Simocode Es
Simotion Scout Tia
Sinamics Startdrive
Sirius Safety Es
Sirius Soft Starter Es
Tia Portal Cloud