CVE-2023-48364

🗓️ 13 Feb 2024 08:59:56Reported by siemensType

A vulnerability in multiple SIMATIC products due to improper handling of RPC messages

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability in the implementation of the RPC (Remote Procedure Call) protocol of Siemens’ process control systems such as SIMATIC PCS 7, OpenPCS 7, and Siemens’ SCADA system SIMATIC WinCC allows a attacker to trigger maintenance failures.	15 Apr 202400:00	–	bdu_fstec
Circl	CVE-2023-48364	13 Feb 202410:21	–	circl
CNNVD	Siemens SIMATIC WinCC和Siemens SIMATIC PCS 安全漏洞	13 Feb 202400:00	–	cnnvd
CNVD	Multiple Siemens Products Null Pointer Dereference Vulnerability (CNVD-2024-09314)	21 Feb 202400:00	–	cnvd
Cvelist	CVE-2023-48364	13 Feb 202408:59	–	cvelist
EUVD	EUVD-2023-52418	3 Oct 202520:07	–	euvd
ICS	Siemens SIMATIC WinCC, OpenPCS	13 Feb 202400:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	13 Feb 202400:00	–	ncsc
NVD	CVE-2023-48364	13 Feb 202409:15	–	nvd
OSV	CVE-2023-48364	13 Feb 202409:15	–	osv

NVD

Node

siemens openpcs_7Range≤9.1

siemens simatic_batchRange≤9.1

siemens simatic_pcs_7Range≤9.1

siemens simatic_route_controlRange≤9.1

siemens simatic_winccMatch7.4

siemens simatic_winccMatch7.5

siemens simatic_winccMatch8.0

siemens simatic_wincc_runtime_professionalRange≤18

siemens simatic_wincc_runtime_professionalMatch19

[
  {
    "vendor": "Siemens",
    "product": "OpenPCS 7 V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC BATCH V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS 7 V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V9.1 SP2 UC05",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Route Control V9.1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V9.1 SP2 UC05"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC Runtime Professional V18",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V18 Update 4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC Runtime Professional V19",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V19 Update 2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.4",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.5",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V7.5 SP2 Update 15",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V8.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.0 Update 4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-753746.html

21 Nov 2024 08:31Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.5

CVSS 47.1

EPSS0.00075

SSVC

CWE-476

vulnerability simatic openpcs 7 simatic batch simatic pcs 7 denial of service nvd rpc protocol