A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Siemens
  • 6ag1543-1ax00-2xe0
  • 6ag1543-1ax00-2xe0 Firmware
  • 6gk7243-8rx30-0xe0
  • 6gk7243-8rx30-0xe0 Firmware
  • 6gk7543-1ax00-0xe0
  • 6gk7543-1ax00-0xe0 Firmware
  • Simatic Cp 1242-7 V2
  • Simatic Cp 1242-7 V2 Firmware
  • Simatic Cp 1243-1
  • Simatic Cp 1243-1 Dnp3
  • Simatic Cp 1243-1 Dnp3 Firmware
  • Simatic Cp 1243-1 Firmware
  • Simatic Cp 1243-1 Iec
  • Simatic Cp 1243-1 Iec Firmware
  • Simatic Cp 1243-7 Lte
  • Simatic Cp 1243-7 Lte Firmware
  • Sinamics S210
  • Sinamics S210 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:siemens:6gk7243-8rx30-0xe0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6gk7243-8rx30-0xe0:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:6gk7543-1ax00-0xe0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6gk7543-1ax00-0xe0:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:6ag1543-1ax00-2xe0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1543-1ax00-2xe0:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:sp1_hotfix8:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:hotfix2:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:hotfix5:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:hotfix6:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:hotfix7:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:sp3:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:sp3_hotfix3:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:sp3_hotfix5:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:sp3_hotfix6:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:5.2:sp3_hotfix9:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:6.1:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s210_firmware:6.1:hotfix1:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s210:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/html/ssa-139628.html cve-icon cve-icon
https://cert-portal.siemens.com/productcert/html/ssa-625862.html cve-icon cve-icon
https://cert-portal.siemens.com/productcert/html/ssa-693975.html cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-12-12T11:26:36.173Z

Updated: 2024-08-02T17:39:13.213Z

Reserved: 2023-07-17T13:06:36.758Z

Link: CVE-2023-38380

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-12T12:15:11.477

Modified: 2024-06-11T12:15:10.630

Link: CVE-2023-38380

cve-icon Redhat

No data.