Multiple vulnerabilities in SIMATIC CP Devices



Risk Low
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2023-37194
CVE-2023-37195
CWE-ID CWE-284
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
SIMATIC CP 1604
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC CP 1616
Hardware solutions / Routers & switches, VoIP, GSM, etc

SIMATIC CP 1623
Hardware solutions / Firmware

SIMATIC CP 1628
Hardware solutions / Firmware

SIMATIC CP 1626
Server applications / SCADA systems

Vendor Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU81914

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-37194

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the direct memory access (DMA). A remote administrator can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SIMATIC CP 1604: All versions

SIMATIC CP 1616: All versions

SIMATIC CP 1623: All versions

SIMATIC CP 1626: All versions

SIMATIC CP 1628: All versions

CPE2.3 External links

http://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU81915

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-37195

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local administrator can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SIMATIC CP 1604: All versions

SIMATIC CP 1616: All versions

SIMATIC CP 1623: All versions

SIMATIC CP 1626: All versions

SIMATIC CP 1628: All versions

CPE2.3 External links

http://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###