Denial of service in Siemens SIMATIC Products



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-28831
CWE-ID CWE-190
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SIMATIC S7-1200 CPU family
Hardware solutions / Firmware

SIMATIC S7-1500 Software Controller V3
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1511-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1511C-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1511F-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1511T-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1511TF-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1512C-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1512SP F-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1512SP-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1513-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1513F-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1513R-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1514SP F-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1514SP-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1514SPT F-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1514SPT-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1515-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1515F-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1515R-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1515T-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1515TF-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1516-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1516F-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1516T-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1516TF-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1517-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1517F-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1517H-3 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1517T-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1517TF-3 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518-4 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518F-4 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518HF-4 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518T-4 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1518TF-4 PN/DP
Hardware solutions / Firmware

SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK
Hardware solutions / Firmware

SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK
Hardware solutions / Firmware

SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN
Hardware solutions / Firmware

SIMATIC S7-1500 Software Controller V2
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1510SP F-1 PN
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1510SP-1 PN
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1510SP-1 PN RAIL
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1512SP F-1 PN
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1512SP-1 PN
Hardware solutions / Firmware

SIPLUS ET 200SP CPU 1512SP-1 PN RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1511-1 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1511-1 PN TX RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1511F-1 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1513-1 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1513F-1 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1515F-2 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1515F-2 PN RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1515R-2 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1516-3 PN/DP
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1516F-3 PN/DP
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1517H-3 PN
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1518-4 PN/DP
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1518F-4 PN/DP
Hardware solutions / Firmware

SIPLUS S7-1500 CPU 1518HF-4 PN
Hardware solutions / Firmware

SIMATIC Drive Controller CPU 1504D TF
Hardware solutions / Firmware

SIMATIC Drive Controller CPU 1507D TF
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1510SP F-1 PN
Hardware solutions / Firmware

SIMATIC S7-1500 CPU 1510SP-1 PN
Hardware solutions / Firmware

SIMATIC S7-PLCSIM Advanced
Server applications / SCADA systems

SIMATIC ET 200SP Open Controller CPU 1515SP PC2
Server applications / SCADA systems

SIMATIC Cloud Connect 7 CC712
Other software / Other software solutions

SIMATIC Cloud Connect 7 CC716
Other software / Other software solutions

Vendor Siemens

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU80852

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28831

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the ANSI C OPC UA SDK. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SIMATIC S7-1200 CPU family: All versions

SIMATIC S7-1500 Software Controller V3: All versions

SIMATIC S7-PLCSIM Advanced: All versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC2: before 21.9.7

SIMATIC S7-1500 CPU 1511-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1511C-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1511F-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1511T-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1511TF-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1512C-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1512SP F-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1512SP-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1513-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1513F-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1513R-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1514SP F-2 PN: before 3.0.3

SIMATIC S7-1500 CPU 1514SP-2 PN: before 3.0.3

SIMATIC S7-1500 CPU 1514SPT F-2 PN: before 3.0.3

SIMATIC S7-1500 CPU 1514SPT-2 PN: before 3.0.3

SIMATIC S7-1500 CPU 1515-2 PN: before 2.9.7

SIMATIC S7-1500 CPU 1515F-2 PN: before 2.9.7

SIMATIC S7-1500 CPU 1515R-2 PN: before 2.9.7

SIMATIC S7-1500 CPU 1515T-2 PN: before 2.9.7

SIMATIC S7-1500 CPU 1515TF-2 PN: before 2.9.7

SIMATIC S7-1500 CPU 1516-3 PN/DP: before 2.9.7

SIMATIC S7-1500 CPU 1516F-3 PN/DP: before 2.9.7

SIMATIC S7-1500 CPU 1516T-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1516TF-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1517-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1517F-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1517H-3 PN: before 3.0.3

SIMATIC S7-1500 CPU 1517T-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1517TF-3 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1518-4 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: before 3.0.3

SIMATIC S7-1500 CPU 1518F-4 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP: before 3.0.3

SIMATIC S7-1500 CPU 1518HF-4 PN: before 3.0.3

SIMATIC S7-1500 CPU 1518T-4 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU 1518TF-4 PN/DP: before 3.0.3

SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK: before 2.9.7

SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK: before 2.9.7

SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN: before 2.9.7

SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN: before 2.9.7

SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN: before 2.9.7

SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN: before 2.9.7

SIMATIC S7-1500 Software Controller V2: before 21.9.7

SIPLUS ET 200SP CPU 1510SP F-1 PN: before 2.9.7

SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL: before 2.9.7

SIPLUS ET 200SP CPU 1510SP-1 PN: before 2.9.7

SIPLUS ET 200SP CPU 1510SP-1 PN RAIL: before 2.9.7

SIPLUS ET 200SP CPU 1512SP F-1 PN: before 2.9.7

SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL: before 2.9.7

SIPLUS ET 200SP CPU 1512SP-1 PN: before 2.9.7

SIPLUS ET 200SP CPU 1512SP-1 PN RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1511-1 PN: before 2.9.7

SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1511-1 PN TX RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1511F-1 PN: before 2.9.7

SIPLUS S7-1500 CPU 1513-1 PN: before 2.9.7

SIPLUS S7-1500 CPU 1513F-1 PN: before 2.9.7

SIPLUS S7-1500 CPU 1515F-2 PN: before 2.9.7

SIPLUS S7-1500 CPU 1515F-2 PN RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1515R-2 PN: before 2.9.7

SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1516-3 PN/DP: before 2.9.7

SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1516F-3 PN/DP: before 2.9.7

SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL: before 2.9.7

SIPLUS S7-1500 CPU 1517H-3 PN: before 3.0.3

SIPLUS S7-1500 CPU 1518-4 PN/DP: before 3.0.3

SIPLUS S7-1500 CPU 1518-4 PN/DP MFP: before 3.0.3

SIPLUS S7-1500 CPU 1518F-4 PN/DP: before 3.0.3

SIPLUS S7-1500 CPU 1518HF-4 PN: before 3.0.3

SIMATIC Cloud Connect 7 CC712: before 2.2

SIMATIC Cloud Connect 7 CC716: before 2.2

SIMATIC Drive Controller CPU 1504D TF: before 2.9.7

SIMATIC Drive Controller CPU 1507D TF: before 2.9.7

SIMATIC S7-1500 CPU 1510SP F-1 PN: before 2.9.7

SIMATIC S7-1500 CPU 1510SP-1 PN: before 2.9.7

CPE2.3 External links

https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###