CVE-2023-46156

CWE-416 — Use After Free3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 91.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

124

Siemens Simatic Drive Controller CPU 1504d TF Siemens Simatic Drive Controller CPU 1507d TF Siemens Simatic ET 200sp Open Controller CPU 1515sp PC2 (incl. Siplus Variants)+121 more

Timeline

PublishedDec 12

Description

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages124 packages

▶CVEListV5siemens/sinumerik_mc< V1.24

▶CVEListV5siemens/sinumerik_one< V6.24

▶CVEListV5siemens/simatic_s7-plcsim_advanced< V6.0

▶CVEListV5siemens/siplus_s7-1500_cpu_1511-1_pn< *

▶CVEListV5siemens/siplus_s7-1500_cpu_1513-1_pn< *

🔴Vulnerability Details

CVEList

CVE-2023-46156: Affected devices improperly handle specially crafted packets sent to port 102/tcp↗2023-12-12

▶

GHSA

GHSA-5fwp-f47r-rg74: Affected devices improperly handle specially crafted packets sent to port 102/tcp↗2023-12-12

▶