SIMATIC STEP 7 BinaryFormatter Type Confusion (v<Update 7)
CVE-2023-32735 Published on July 9, 2024

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 (All versions < V18 Update 2), SIMATIC WinCC V16 (All versions < V16.7), SIMATIC WinCC V17 (All versions < V17.7), SIMATIC WinCC V18 (All versions < V18 Update 2), SIMOCODE ES V16 (All versions < V16 Update 7), SIMOCODE ES V17 (All versions < V17 Update 7), SIMOCODE ES V18 (All versions < V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 7), SIRIUS Safety ES V18 (All versions < V18 Update 2), SIRIUS Soft Starter ES V17 (All versions < V17 Update 7), SIRIUS Soft Starter ES V18 (All versions < V18 Update 2), Soft Starter ES V16 (All versions < V16 Update 7), TIA Portal Cloud V3.0 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2023-32735 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2023-32735

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-32735 are published in Siemens Simatic Step 7:

Siemens Simatic Step 7
 

Affected Versions

Siemens SIMATIC STEP 7 Safety V16: Siemens SIMATIC STEP 7 Safety V17: Siemens SIMATIC STEP 7 Safety V18: Siemens SIMATIC STEP 7 V16: Siemens SIMATIC STEP 7 V17: Siemens SIMATIC STEP 7 V18: Siemens SIMATIC WinCC Unified V16: Siemens SIMATIC WinCC Unified V17: Siemens SIMATIC WinCC Unified V18: Siemens SIMATIC WinCC V16: Siemens SIMATIC WinCC V17: Siemens SIMATIC WinCC V18: Siemens SIMOCODE ES V16: Siemens SIMOCODE ES V17: Siemens SIMOCODE ES V18: Siemens SIMOTION SCOUT TIA V5.4 SP1: Siemens SIMOTION SCOUT TIA V5.4 SP3: Siemens SIMOTION SCOUT TIA V5.5 SP1: Siemens SINAMICS Startdrive V16: Siemens SINAMICS Startdrive V17: Siemens SINAMICS Startdrive V18: Siemens SIRIUS Safety ES V17: Siemens SIRIUS Safety ES V18: Siemens SIRIUS Soft Starter ES V17: Siemens SIRIUS Soft Starter ES V18: Siemens Soft Starter ES V16: Siemens TIA Portal Cloud V3.0: siemens simatic_step_7_safety: siemens simatic_step_7_safety: siemens simatic_step_7_safety: siemens simatic_step_7: siemens simatic_step_7: siemens simatic_step_7: siemens simatic_wincc_unified: siemens simatic_wincc_unified: siemens simatic_wincc_unified: siemens simatic_wincc: siemens simatic_wincc: siemens simocode_es: siemens simocode_es: siemens simocode_es: siemens simotion_scout_tia: siemens simotion_scout_tia: siemens simotion_scout_tia: siemens sinamics_startdrive: siemens sinamics_startdrive: siemens sirius_safety_es: siemens sirius_safety_es: siemens sirius_soft_starter_es: siemens sirius_soft_starter_es: siemens soft_starter_es: siemens tia_portal_cloud_v3.0:

Exploit Probability

EPSS
0.06%
Percentile
17.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.