PT-2024-8119 · Siemens+1 · Simatic Ipc Diagbase+5

Published 2024-07-09 · Updated 2024-07-09 · CVE-2023-52891

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions:
SIMATIC Energy Manager Basic versions prior to V7.5
SIMATIC Energy Manager PRO versions prior to V7.5
SIMATIC IPC DiagBase (affected versions not specified)
SIMATIC IPC DiagMonitor (affected versions not specified)
SIMIT V10 (affected versions not specified)
SIMIT V11 versions prior to V11.1
Unified Automation .NET based OPC UA Server SDK versions prior to 3.2.2

Description: A vulnerability has been identified that may lead to high load situations and memory exhaustion, potentially blocking the server. The issue is related to improper management of sequential memory allocation. Exploitation of this vulnerability may allow an attacker to cause a denial of service.

Recommendations:
For SIMATIC Energy Manager Basic versions prior to V7.5, update to version V7.5 or later.
For SIMATIC Energy Manager PRO versions prior to V7.5, update to version V7.5 or later.
For SIMIT V11 versions prior to V11.1, update to version V11.1 or later.
For Unified Automation .NET based OPC UA Server SDK versions prior to 3.2.2, update to version 3.2.2 or later.
At the moment, there is no information about a newer version that contains a fix for SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor, and SIMIT V10.

Fix


Weakness Enumeration

Related Identifiers

BDU:2024-09651
CVE-2023-52891

Affected Products

Simatic Energy Manager Basic
Simatic Energy Manager Pro
Simatic Ipc Diagbase
Simatic Ipc Diagmonitor
Simit
Unified Automation .Net Based Opc Ua Server Sdk