PT-2024-2743 · Siemens · Simatic Pcs 7+5

Yu Cong · Published 2024-02-13 · Updated 2024-10-18 · CVE-2023-48364

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenPCS 7 versions prior to V9.1 SP2 UC05
SIMATIC BATCH versions prior to V9.1 SP2 UC05
SIMATIC PCS 7 versions prior to V9.1 SP2 UC05
SIMATIC Route Control versions prior to V9.1 SP2 UC05
SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4
SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2
SIMATIC WinCC V7.4 (all versions)
SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 15
SIMATIC WinCC V8.0 versions prior to V8.0 Update 4

Description

A vulnerability has been identified in the implementation of the RPC (Remote Procedure Call) communication protocol in the affected products. The issue is related to errors in handling certain malformed RPC messages and pointer dereferencing errors. This could allow an attacker to cause a denial of service condition in the RPC server.

Recommendations

For OpenPCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC BATCH versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC PCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC Route Control versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4, update to V18 Update 4 or later.
For SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2, update to V19 Update 2 or later.
For SIMATIC WinCC V7.4, consider disabling the RPC communication protocol until a patch is available.
For SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 15, update to V7.5 SP2 Update 15 or later.
For SIMATIC WinCC V8.0 versions prior to V8.0 Update 4, update to V8.0 Update 4 or later.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2024-02868
CVE-2023-48364

Affected Products

Openpcs 7
Simatic Batch
Simatic Pcs 7
Simatic Route Control
Simatic Wincc
Simatic Wincc Runtime Professional