Out-of-bounds in Siemens SIMATIC Tools < V5.0 SP2 causes BSOD
CVE-2023-46280 Published on May 14, 2024

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

NVD

Weakness Type

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Products Associated with CVE-2023-46280

Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.

Siemens Simatic Pcs 7

Siemens Simatic Step 7

Siemens Simatic Wincc

Siemens Simatic Wincc Runtime Advanced

Siemens Sinec Nms

Siemens Totally Integrated Automation Portal

Affected Versions

Siemens Security Configuration Tool (SCT):

Before * is affected.

Siemens SIMATIC Automation Tool:

Before V5.0 SP2 is affected.

Siemens SIMATIC BATCH V9.1:

Before V9.1 SP2 Upd5 is affected.

Siemens SIMATIC NET PC Software V16:

Before V16 Update 8 is affected.

Siemens SIMATIC NET PC Software V17:

Before * is affected.

Siemens SIMATIC NET PC Software V18:

Before V18 SP1 is affected.

Siemens SIMATIC NET PC Software V19:

Before V19 Update 2 is affected.

Siemens SIMATIC PCS 7 V9.1:

Before V9.1 SP2 UC05 is affected.

Siemens SIMATIC PDM V9.2:

Before V9.2 SP2 Upd3 is affected.

Siemens SIMATIC Route Control V9.1:

Before V9.1 SP2 Upd3 is affected.

Siemens SIMATIC S7-PCT:

Before V3.5 SP3 Update 6 is affected.

Siemens SIMATIC STEP 7 V5:

Before V5.7 SP3 is affected.

Siemens SIMATIC WinCC OA V3.17:

Before * is affected.

Siemens SIMATIC WinCC OA V3.18:

Before V3.18 P025 is affected.

Siemens SIMATIC WinCC OA V3.19:

Before V3.19 P010 is affected.

Siemens SIMATIC WinCC Runtime Advanced:

Before V17 Update 8 is affected.

Siemens SIMATIC WinCC Runtime Professional V16:

Before V16 Update 6 is affected.

Siemens SIMATIC WinCC Runtime Professional V17:

Before V17 Update 8 is affected.

Siemens SIMATIC WinCC Runtime Professional V18:

Before V18 Update 4 is affected.

Siemens SIMATIC WinCC Runtime Professional V19:

Before V19 Update 2 is affected.

Siemens SIMATIC WinCC V7.4:

Before * is affected.

Siemens SIMATIC WinCC V7.5:

Before V7.5 SP2 Update 17 is affected.

Siemens SIMATIC WinCC V8.0:

Before V8.0 Update 5 is affected.

Siemens SINAMICS Startdrive:

Before V19 SP1 is affected.

Siemens SINEC NMS:

Before V3.0 is affected.

Siemens SINUMERIK ONE virtual:

Before V6.23 is affected.

Siemens SINUMERIK PLC Programming Tool:

Before V3.3.12 is affected.

Siemens TIA Portal Cloud Connector:

Before V2.0 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V15.1:

Before * is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V16:

Before * is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V17:

Before V17 Update 8 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V18:

Before V18 Update 4 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V19:

Before V19 Update 2 is affected.

Siemens SINEC NMS:

Before V3.0 SP1 is affected.

Exploit Probability

EPSS

0.05%

Percentile

15.55%