CVE-2023-48364 — MEDIUM (6.5)

Q: How severe is CVE-2023-48364?

CVE-2023-48364 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48364?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Openpcs 7, Siemens Simatic Batch, Siemens Simatic Pcs 7, Siemens Simatic Route Control, Siemens Simatic Wincc.

Vulnerability Description

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Openpcs 7	<= 9.1
Siemens	Simatic Batch	<= 9.1
Siemens	Simatic Pcs 7	<= 9.1
Siemens	Simatic Route Control	<= 9.1
Siemens	Simatic Wincc	7.4
Siemens	Simatic Wincc Runtime Professional	<= 18

Related Weaknesses (CWE)

CWE-476

References

https://cert-portal.siemens.com/productcert/html/ssa-753746.htmlVendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-753746.htmlVendor Advisory

FAQ

What is CVE-2023-48364?

CVE-2023-48364 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Rout...

How severe is CVE-2023-48364?

CVE-2023-48364 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48364?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Openpcs 7, Siemens Simatic Batch, Siemens Simatic Pcs 7, Siemens Simatic Route Control, Siemens Simatic Wincc.