Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-28829 |
CWE-ID | CWE-477 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software |
SIMATIC NET PC Software Server applications / SCADA systems SIMATIC PCS 7 Server applications / SCADA systems SINAUT Software ST7sc Server applications / SCADA systems Siemens SIMATIC WinCC Server applications / SCADA systems |
Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU77319
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28829
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to due to use of obsolete function. A remote administrator on the local network can bypass authentication process on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC NET PC Software: 14 - 15
SIMATIC PCS 7: 8.2 - 9.1
SINAUT Software ST7sc: All versions
Siemens SIMATIC WinCC: before 8.0
CPE2.3http://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.