#VU81914 Improper access control in Siemens products - CVE-2023-37194

Cybersecurity Help s.r.o.

Published: 2023-10-11

Vulnerability identifier: #VU81914

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-37194

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC CP 1604
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIMATIC CP 1616
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIMATIC CP 1623
Hardware solutions / Firmware
SIMATIC CP 1628
Hardware solutions / Firmware
SIMATIC CP 1626
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the direct memory access (DMA). A remote administrator can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SIMATIC CP 1604: All versions

SIMATIC CP 1616: All versions

SIMATIC CP 1623: All versions

SIMATIC CP 1626: All versions

SIMATIC CP 1628: All versions

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in SIMATIC CP Devices