PT-2024-3810 · Siemens · Simatic Net Pc +17

Byunghyun Kang +5 · Published 2024-05-14 · Updated 2024-12-10 · CVE-2023-46280

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Security Configuration Tool (SCT) versions prior to V5.0 SP2
SIMATIC Automation Tool versions prior to V5.0 SP2
SIMATIC BATCH V9.1 versions prior to V9.1 SP2 Upd5
SIMATIC NET PC Software V16 versions prior to V16 Update 8
SIMATIC NET PC Software V17 versions prior to the latest version
SIMATIC NET PC Software V18 versions prior to V18 SP1
SIMATIC NET PC Software V19 versions prior to V19 Update 2
SIMATIC PCS 7 V9.1 versions prior to V9.1 SP2 UC05
SIMATIC PDM V9.2 versions prior to V9.2 SP2 Upd3
SIMATIC Route Control V9.1 versions prior to V9.1 SP2 Upd3
SIMATIC S7-PCT versions prior to V3.5 SP3 Update 6
SIMATIC STEP 7 V5 versions prior to V5.7 SP3
SIMATIC WinCC OA V3.17 versions prior to the latest version
SIMATIC WinCC OA V3.18 versions prior to V3.18 P025
SIMATIC WinCC OA V3.19 versions prior to V3.19 P010
SIMATIC WinCC Runtime Advanced versions prior to V17 Update 8
SIMATIC WinCC Runtime Professional V16 versions prior to V16 Update 6
SIMATIC WinCC Runtime Professional V17 versions prior to V17 Update 8
SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4
SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2
SIMATIC WinCC V7.4 versions prior to the latest version
SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 17
SIMATIC WinCC V8.0 versions prior to V8.0 Update 5
SINAMICS Startdrive versions prior to V19 SP1
SINEC NMS versions prior to V3.0 SP1
SINUMERIK ONE virtual versions prior to V6.23
SINUMERIK PLC Programming Tool versions prior to V3.3.12
TIA Portal Cloud Connector versions prior to V2.0
Totally Integrated Automation Portal (TIA Portal) V15.1 versions prior to the latest version
Totally Integrated Automation Portal (TIA Portal) V16 versions prior to the latest version
Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8
Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 4
Totally Integrated Automation Portal (TIA Portal) V19 versions prior to V19 Update 2

Description

The affected applications contain an out-of-bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, resulting in a denial of service.

Recommendations

For Security Configuration Tool (SCT) versions prior to V5.0 SP2, update to V5.0 SP2 or later.
For SIMATIC Automation Tool versions prior to V5.0 SP2, update to V5.0 SP2 or later.
For SIMATIC BATCH V9.1 versions prior to V9.1 SP2 Upd5, update to V9.1 SP2 Upd5 or later.
For SIMATIC NET PC Software V16 versions prior to V16 Update 8, update to V16 Update 8 or later.
For SIMATIC NET PC Software V17, update to the latest version.
For SIMATIC NET PC Software V18 versions prior to V18 SP1, update to V18 SP1 or later.
For SIMATIC NET PC Software V19 versions prior to V19 Update 2, update to V19 Update 2 or later.
For SIMATIC PCS 7 V9.1 versions prior to V9.1 SP2 UC05, update to V9.1 SP2 UC05 or later.
For SIMATIC PDM V9.2 versions prior to V9.2 SP2 Upd3, update to V9.2 SP2 Upd3 or later.
For SIMATIC Route Control V9.1 versions prior to V9.1 SP2 Upd3, update to V9.1 SP2 Upd3 or later.
For SIMATIC S7-PCT versions prior to V3.5 SP3 Update 6, update to V3.5 SP3 Update 6 or later.
For SIMATIC STEP 7 V5 versions prior to V5.7 SP3, update to V5.7 SP3 or later.
For SIMATIC WinCC OA V3.17, update to the latest version.
For SIMATIC WinCC OA V3.18 versions prior to V3.18 P025, update to V3.18 P025 or later.
For SIMATIC WinCC OA V3.19 versions prior to V3.19 P010, update to V3.19 P010 or later.
For SIMATIC WinCC Runtime Advanced versions prior to V17 Update 8, update to V17 Update 8 or later.
For SIMATIC WinCC Runtime Professional V16 versions prior to V16 Update 6, update to V16 Update 6 or later.
For SIMATIC WinCC Runtime Professional V17 versions prior to V17 Update 8, update to V17 Update 8 or later.
For SIMATIC WinCC Runtime Professional V18 versions prior to V18 Update 4, update to V18 Update 4 or later.
For SIMATIC WinCC Runtime Professional V19 versions prior to V19 Update 2, update to V19 Update 2 or later.
For SIMATIC WinCC V7.4, update to the latest version.
For SIMATIC WinCC V7.5 versions prior to V7.5 SP2 Update 17, update to V7.5 SP2 Update 17 or later.
For SIMATIC WinCC V8.0 versions prior to V8.0 Update 5, update to V8.0 Update 5 or later.
For SINAMICS Startdrive versions prior to V19 SP1, update to V19 SP1 or later.
For SINEC NMS versions prior to V3.0 SP1, update to V3.0 SP1 or later.
For SINUMERIK ONE virtual versions prior to V6.23, update to V6.23 or later.
For SINUMERIK PLC Programming Tool versions prior to V3.3.12, update to V3.3.12 or later.
For TIA Portal Cloud Connector versions prior to V2.0, update to V2.0 or later.
For Totally Integrated Automation Portal (TIA Portal) V15.1, update to the latest version.
For Totally Integrated Automation Portal (TIA Portal) V16, update to the latest version.
For Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V17 Update 8, update to V17 Update 8 or later.
For Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V18 Update 4, update to V18 Update 4 or later.
For Totally Integrated Automation Portal (TIA Portal) V19 versions prior to V19 Update 2, update to V19 Update 2 or later.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2024-04186
CVE-2023-46280

Affected Products

Simatic Automation Tool
Simatic Batch
Simatic Net Pc
Simatic Pcs 7
Simatic Pdm
Simatic Route Control
Simatic Pcs7
Simatic Step 7
Simatic Wincc
Simatic Wincc Runtime Advanced
Simatic Wincc Runtime Professional
Sinamics Startdrive
Sinec Nms
Sinumerik One
Sinumerik Plc Programming Tool
Security Configuration Tool
Tia Portal Cloud Connector
Totally Integrated Automation Portal