CVE-2023-38380

CWE-401Memory LeakCWE-284Improper Access Control4 documents4 sources
Severity
8.7HIGH
EPSS
0.1%
top 70.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Siemens Simatic CP 1242-7 V2 (incl. Siplus Variants)Siemens Simatic CP 1243-1 (incl. Siplus Variants)Siemens Simatic CP 1243-1 Dnp3 (incl. Siplus Variants)+13 more
Timeline
PublishedDec 12

Description

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions = V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not corre

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages16 packages

🔴Vulnerability Details

2
GHSA
GHSA-532g-fpxj-7pxx: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl2023-12-12
CVEList
CVE-2023-38380: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl2023-12-12

📋Vendor Advisories

1
Fortinet
Read-Only users able to add/modify the Interface fields using the API2022-11-02