CVE-2023-32735

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

7.0HIGH

EPSS

0.1%

top 82.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Step 7 Safety V16 Siemens Simatic Step 7 Safety V17 Siemens Simatic Step 7 Safety V18 +24 more

Timeline

PublishedJul 9

Description

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 …

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages27 packages

▶CVEListV5siemens/simatic_step_7_safety_v16< V16 Update 7

▶CVEListV5siemens/simatic_step_7_safety_v17< V17 Update 7

▶CVEListV5siemens/simatic_step_7_safety_v18< V18 Update 2

▶CVEListV5siemens/simatic_wincc_unified_v16< V16 Update 7

▶CVEListV5siemens/simatic_wincc_unified_v17< V17 Update 7

🔴Vulnerability Details

CVEList

CVE-2023-32735: A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7↗2024-07-09

▶

GHSA

GHSA-27hg-xg89-rq4f: A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7↗2024-07-09

▶