Integer overflow in Siemens Other software

#VU80852 Integer overflow in Siemens Other software

Published: 2023-09-18

Vulnerability identifier: #VU80852

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28831

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC S7-1200 CPU family
Hardware solutions / Firmware
SIMATIC S7-1500 Software Controller V3
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1511-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1511C-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1511F-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1511T-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1511TF-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1512C-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1512SP F-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1512SP-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1513-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1513F-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1513R-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1514SP F-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1514SP-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1514SPT F-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1514SPT-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1515-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1515F-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1515R-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1515T-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1515TF-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1516-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1516F-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1516T-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1516TF-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1517-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1517F-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1517H-3 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1517T-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1517TF-3 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518-4 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518F-4 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518HF-4 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518T-4 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1518TF-4 PN/DP
Hardware solutions / Firmware
SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK
Hardware solutions / Firmware
SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK
Hardware solutions / Firmware
SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN
Hardware solutions / Firmware
SIMATIC S7-1500 Software Controller V2
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1510SP F-1 PN
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1510SP-1 PN
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1510SP-1 PN RAIL
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1512SP F-1 PN
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1512SP-1 PN
Hardware solutions / Firmware
SIPLUS ET 200SP CPU 1512SP-1 PN RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1511-1 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1511-1 PN TX RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1511F-1 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1513-1 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1513F-1 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1515F-2 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1515F-2 PN RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1515R-2 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1516-3 PN/DP
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1516F-3 PN/DP
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1517H-3 PN
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1518-4 PN/DP
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1518F-4 PN/DP
Hardware solutions / Firmware
SIPLUS S7-1500 CPU 1518HF-4 PN
Hardware solutions / Firmware
SIMATIC Drive Controller CPU 1504D TF
Hardware solutions / Firmware
SIMATIC Drive Controller CPU 1507D TF
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1510SP F-1 PN
Hardware solutions / Firmware
SIMATIC S7-1500 CPU 1510SP-1 PN
Hardware solutions / Firmware
SIMATIC S7-PLCSIM Advanced
Server applications / SCADA systems
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
Server applications / SCADA systems
SIMATIC Cloud Connect 7 CC712
Other software / Other software solutions
SIMATIC Cloud Connect 7 CC716
Other software / Other software solutions

Vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the ANSI C OPC UA SDK. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SIMATIC S7-1200 CPU family: All versions

SIMATIC S7-1500 Software Controller V3: All versions

SIMATIC S7-PLCSIM Advanced: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SINUMERIK ONE and SINUMERIK MC

Denial of service in Siemens SIMATIC Products