CVE-2023-50821

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 84.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Siemens Simatic PCS 7 V9.1Siemens Simatic Wincc Runtime Professional V17Siemens Simatic Wincc Runtime Professional V18+3 more
Timeline
PublishedApr 9

Description

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages6 packages

CVEListV5siemens/simatic_wincc_v7.5< V7.5 SP2 Update 16
CVEListV5siemens/simatic_wincc_v8.0< V8.0 Update 5

🔴Vulnerability Details

2
CVEList
CVE-2023-50821: A vulnerability has been identified in SIMATIC PCS 7 V92024-04-09
GHSA
GHSA-m32q-g43c-p863: A vulnerability has been identified in SIMATIC PCS 7 V92024-04-09