CVE-2023-50821

Name of the Vulnerable Software and Affected Versions SIMATIC PCS 7 versions prior to V9.1 SP2 UC04 SIMATIC WinCC Runtime Professional versions prior to V17 Update 8 SIMATIC WinCC Runtime Professional versions prior to V18 Update 4 SIMATIC WinCC Runtime Professional versions prior to V19 Update 1 SIMATIC WinCC versions prior to V7.5 SP2 Update 16 SIMATIC WinCC versions prior to V8.0 Update 5

Description The issue is related to improper input validation in the login dialog box, which could allow an attacker to cause a persistent denial of service condition. Additionally, the vulnerability is associated with a buffer copy without checking the size of the input data, potentially enabling an attacker to trigger a denial of service.

Recommendations For SIMATIC PCS 7 versions prior to V9.1 SP2 UC04, update to V9.1 SP2 UC04 or later. For SIMATIC WinCC Runtime Professional versions prior to V17 Update 8, update to V17 Update 8 or later. For SIMATIC WinCC Runtime Professional versions prior to V18 Update 4, update to V18 Update 4 or later. For SIMATIC WinCC Runtime Professional versions prior to V19 Update 1, update to V19 Update 1 or later. For SIMATIC WinCC versions prior to V7.5 SP2 Update 16, update to V7.5 SP2 Update 16 or later. For SIMATIC WinCC versions prior to V8.0 Update 5, update to V8.0 Update 5 or later.