Resource exhaustion in Siemens products - CVE-2023-37195
Published: October 11, 2023
Vulnerability identifier: #VU81915
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-37195
CWE-ID: CWE-400
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC CP 1604
SIMATIC CP 1616
SIMATIC CP 1623
SIMATIC CP 1628
SIMATIC CP 1626
Software vendor:
Siemens
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A local administrator can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.