Lucene search
China National Vulnerability DatabaseCNVD-2023-75576HistoryOct 11, 2023 - 12:00 a.m.
Siemens SIMATIC CP Device Improper Access Control Vulnerability
2023-10-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
siemens
simatic
cp
devices
dma
vulnerability
improper access control
The SIMATIC CP 1623, CP 1626 and CP 1628 are PCI express cards for connection to industrial Ethernet. the SIMATIC CP 1604 and CP 1616 are PCI/PCI-104 cards for the connection of field devices to PROFINET industrial Ethernet. The Siemens SIMATIC CP devices suffer from an Improper Access Control vulnerability due to the kernel memory of the affected devices being exposed in user mode via Direct Memory Access (DMA), which can be exploited by an attacker to execute arbitrary code on the host system without any restrictions.
Related
cvelist
cvelist
CVE-2023-37194
2023-10-10 10:21:22
nvd
nvd
CVE-2023-37194
2023-10-10 11:15:11
prion
prion
Design/Logic Flaw
2023-10-10 11:15:00
cve
cve
CVE-2023-37194
2023-10-10 11:15:11
nessus
nessus
Siemens SIMATIC CP products Improper Access Control (CVE-2023-37194)
2024-02-20 00:00:00
ics
ics
Siemens SIMATIC CP products
2023-10-12 12:00:00