CVE-2023-46280

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.2HIGH

EPSS

0.1%

top 80.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Security Configuration Tool (sct)Siemens Simatic Automation Tool Siemens Simatic Batch V9.1 +30 more

Timeline

PublishedMay 14

Description

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 …

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages33 packages

▶CVEListV5siemens/simatic_wincc_runtime_professional_v16< V16 Update 6

▶CVEListV5siemens/simatic_wincc_runtime_professional_v17< V17 Update 8

▶CVEListV5siemens/simatic_wincc_runtime_professional_v18< V18 Update 4

▶CVEListV5siemens/simatic_wincc_runtime_professional_v19< V19 Update 2

▶CVEListV5siemens/simatic_wincc_runtime_advanced< V17 Update 8

🔴Vulnerability Details

CVEList

CVE-2023-46280: A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5↗2024-05-14

▶

GHSA

GHSA-g3gv-9xvr-p3r6: A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions)↗2024-05-14

▶