Improper access control in Siemens products - CVE-2023-37194
Published: October 11, 2023
Vulnerability identifier: #VU81914
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-37194
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC CP 1604
SIMATIC CP 1616
SIMATIC CP 1623
SIMATIC CP 1628
SIMATIC CP 1626
SIMATIC CP 1604
SIMATIC CP 1616
SIMATIC CP 1623
SIMATIC CP 1628
SIMATIC CP 1626
Detailed vulnerability description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the direct memory access (DMA). A remote administrator can bypass implemented security restrictions and gain unauthorized access to the application.
How to mitigate CVE-2023-37194
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.