PT-2024-2755 · Siemens · Simatic Pcs 7 and 5 other products

Yu Cong · Published 2024-02-13 · Updated 2024-10-18 · CVE-2023-48363

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenPCS 7 versions prior to V9.1 SP2 UC05
SIMATIC BATCH versions prior to V9.1 SP2 UC05
SIMATIC PCS 7 versions prior to V9.1 SP2 UC05
SIMATIC Route Control versions prior to V9.1 SP2 UC05
SIMATIC WinCC Runtime Professional version V18 through V18 Update 3
SIMATIC WinCC Runtime Professional version V19 through V19 Update 1
SIMATIC WinCC version V7.4
SIMATIC WinCC version V7.5 through V7.5 SP2 Update 14
SIMATIC WinCC version V8.0 through V8.0 Update 3

Description

A vulnerability has been identified in the implementation of the RPC communication protocol in the affected products. The implementation improperly handles certain unorganized RPC messages, and the issue is associated with pointer dereference errors. An attacker could exploit this vulnerability to cause a denial of service condition in the RPC server.

Recommendations

For OpenPCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC BATCH versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC PCS 7 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC Route Control versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC WinCC Runtime Professional version V18, update to V18 Update 4 or later.
For SIMATIC WinCC Runtime Professional version V19, update to V19 Update 2 or later.
For SIMATIC WinCC version V7.4, consider disabling the RPC communication protocol until a patch is available.
For SIMATIC WinCC version V7.5, update to V7.5 SP2 Update 15 or later.
For SIMATIC WinCC version V8.0, update to V8.0 Update 4 or later.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2024-02886
CVE-2023-48363

Affected Products

Openpcs 7
Simatic Batch
Simatic Pcs 7
Simatic Route Control
Simatic Wincc
Simatic Wincc Runtime Professional