PT-2024-5108 · Siemens · Simatic Step 7 Safety and 10 other products
Published: 2024-07-09 · Updated: 2024-07-09
CVE-2023-32735
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
SIMATIC STEP 7 Safety versions prior to V16 Update 7
SIMATIC STEP 7 Safety versions prior to V17 Update 7
SIMATIC STEP 7 Safety versions prior to V18 Update 2
SIMATIC STEP 7 versions prior to V16 Update 7
SIMATIC STEP 7 versions prior to V17 Update 7
SIMATIC STEP 7 versions prior to V18 Update 2
SIMATIC WinCC Unified versions prior to V16 Update 7
SIMATIC WinCC Unified versions prior to V17 Update 7
SIMATIC WinCC Unified versions prior to V18 Update 2
SIMATIC WinCC versions prior to V16.7
SIMATIC WinCC versions prior to V17.7
SIMATIC WinCC versions prior to V18 Update 2
SIMOCODE ES versions prior to V16 Update 7
SIMOCODE ES versions prior to V17 Update 7
SIMOCODE ES versions prior to V18 Update 2
SIMOTION SCOUT TIA V5.4 SP1
SIMOTION SCOUT TIA V5.4 SP3
SIMOTION SCOUT TIA V5.5 SP1
SINAMICS Startdrive versions prior to V16 Update 7
SINAMICS Startdrive versions prior to V17 Update 7
SINAMICS Startdrive versions prior to V18 Update 2
SIRIUS Safety ES versions prior to V17 Update 7
SIRIUS Safety ES versions prior to V18 Update 2
SIRIUS Soft Starter ES versions prior to V17 Update 7
SIRIUS Soft Starter ES versions prior to V18 Update 2
Soft Starter ES versions prior to V16 Update 7
TIA Portal Cloud V3.0 versions prior to V18 Update 2
Description:
The issue is related to the deserialization mechanism in the Configuration Handler component of the Totally Integrated Automation Portal (TIA Portal) software. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles, which could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
Recommendations:
For SIMATIC STEP 7 Safety versions prior to V16 Update 7, update to V16 Update 7 or later.
For SIMATIC STEP 7 Safety versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIMATIC STEP 7 Safety versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIMATIC STEP 7 versions prior to V16 Update 7, update to V16 Update 7 or later.
For SIMATIC STEP 7 versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIMATIC STEP 7 versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIMATIC WinCC Unified versions prior to V16 Update 7, update to V16 Update 7 or later.
For SIMATIC WinCC Unified versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIMATIC WinCC Unified versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIMATIC WinCC versions prior to V16.7, update to V16.7 or later.
For SIMATIC WinCC versions prior to V17.7, update to V17.7 or later.
For SIMATIC WinCC versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIMOCODE ES versions prior to V16 Update 7, update to V16 Update 7 or later.
For SIMOCODE ES versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIMOCODE ES versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIMOTION SCOUT TIA V5.4 SP1, update to a newer version that contains a fix for this issue.
For SIMOTION SCOUT TIA V5.4 SP3, update to a newer version that contains a fix for this issue.
For SIMOTION SCOUT TIA V5.5 SP1, update to a newer version that contains a fix for this issue.
For SINAMICS Startdrive versions prior to V16 Update 7, update to V16 Update 7 or later.
For SINAMICS Startdrive versions prior to V17 Update 7, update to V17 Update 7 or later.
For SINAMICS Startdrive versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIRIUS Safety ES versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIRIUS Safety ES versions prior to V18 Update 2, update to V18 Update 2 or later.
For SIRIUS Soft Starter ES versions prior to V17 Update 7, update to V17 Update 7 or later.
For SIRIUS Soft Starter ES versions prior to V18 Update 2, update to V18 Update 2 or later.
For Soft Starter ES versions prior to V16 Update 7, update to V16 Update 7 or later.
For TIA Portal Cloud V3.0 versions prior to V18 Update 2, update to V18 Update 2 or later.
Weakness Enumeration:
Deserialization of Untrusted Data
Affected Products:
Simatic Step 7
Simatic Step 7 Safety
Simatic Wincc
Simatic Wincc Unified
Simocode Es
Simotion Scout Tia
Sinamics Startdrive
Sirius Safety Es
Sirius Soft Starter Es
Soft Starter Es
Tia Portal Cloud