cbcvebase.
CVE-2023-30756
published 2024-09-10

CVE-2023-30756: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All…

high8.2CVSS 4.0
AVNACHATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference. This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

Affected

12 ranges
VendorProductVersion rangeFixed in
siemenssimatic_cp_1242-7_v2< V3.5.20V3.5.20
siemenssimatic_cp_1243-1< V3.5.20V3.5.20
siemenssimatic_cp_1243-1_dnp3< V3.5.20V3.5.20
siemenssimatic_cp_1243-1_iec< V3.5.20V3.5.20
siemenssimatic_cp_1243-7_lte< V3.5.20V3.5.20
siemenssimatic_cp_1243-8_irc< V3.5.20V3.5.20
siemenssimatic_hmi_comfort_panels
siemenssimatic_ipc_diagbase< **
siemenssimatic_ipc_diagmonitor
siemenssimatic_wincc_runtime_advanced
siemenssiplus_tim_1531_irc< V2.4.8V2.4.8
siemenstim_1531_irc< V2.4.8V2.4.8