CVE-2023-32736Deserialization of Untrusted Data in Siemens Simatic S7-plcsim V16

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.1%
top 81.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
30
Siemens Simatic S7-plcsim V16Siemens Simatic S7-plcsim V17Siemens Simatic Step 7 Safety V16+27 more
Timeline
PublishedNov 12

Description

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages30 packages

CVEListV5siemens/simatic_step_7_safety_v17< V17 Update 8
CVEListV5siemens/simatic_step_7_safety_v18< V18 Update 5
CVEListV5siemens/simatic_wincc_unified_v17< V17 Update 8

🔴Vulnerability Details

2
GHSA
GHSA-5355-h7h8-637c: A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All vers2024-11-12
CVEList
CVE-2023-32736: A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All vers2024-11-12
CVE-2023-32736 — Deserialization of Untrusted Data | cvebase