Skip to main content

Simatic Drive Controller Cpu 1504D Tf Firmware CVE-2023-46156

HIGH
Use After Free (CWE-416)
2023-12-12 productcert@siemens.com
Use After Free Denial Of Service Memory Corruption Simatic Drive Controller Cpu 1504D Tf Firmware Simatic Drive Controller Cpu 1507D Tf Firmware Simatic Et 200Sp Open Control 1515Sp Pc2 Firmware Simatic S7 1500 Cpu 1510Sp F 1 Pn Firmware Simatic S7 1500 Cpu 1510Sp 1 Pn Firmware Simatic S7 1500 Cpu 1511 1 Pn Firmware Simatic S7 1500 Cpu 1511C 1 Pn Firmware Simatic S7 1500 Cpu 1511F 1 Pn Firmware Simatic S7 1500 Cpu 1511T 1 Pn Firmware Simatic S7 1500 Cpu 1511Tf 1 Pn Firmware Simatic S7 1500 Cpu 1512C 1 Pn Firmware Simatic S7 1500 Cpu 1512Sp F 1 Pn Firmware Simatic S7 1500 Cpu 1512Sp 1 Pn Firmware Simatic S7 1500 Cpu 1513 1 Pn Firmware Simatic S7 1500 Cpu 1513F 1 Pn Firmware Simatic S7 1500 Cpu 1513R 1 Pn Firmware Simatic S7 1500 Cpu 1514Sp F 2 Pn Firmware Simatic S7 1500 Cpu 1514Sp 2 Pn Firmware Simatic S7 1500 Cpu 1514Spt F 2 Pn Firmware Simatic S7 1500 Cpu 1514Spt 2 Pn Firmware Simatic S7 1500 Cpu 1515 2 Pn Firmware Simatic S7 1500 Cpu 1515F 2 Pn Firmware Simatic S7 1500 Cpu 1515R 2 Pn Firmware Simatic S7 1500 Cpu 1515T 2 Pn Firmware Simatic S7 1500 Cpu 1515Tf 2 Pn Firmware Simatic S7 1500 Cpu 1516 3 Pn Dp Firmware Simatic S7 1500 Cpu 1516F 3 Pn Dp Firmware Simatic S7 1500 Cpu 1516T 3 Pn Dp Firmware Simatic S7 1500 Cpu 1517 3 Pn Dp Firmware Simatic S7 1500 Cpu 1517F 3 Pn Dp Firmware Simatic S7 1500 Cpu 1517H 3 Pn Firmware Simatic S7 1500 Cpu 1517T 3 Pn Dp Firmware Simatic S7 1500 Cpu 1517Tf 3 Pn Dp Firmware Simatic S7 1500 Cpu 1518 4 Pn Dp Firmware Simatic S7 1500 Cpu 1518F 4 Pn Dp Firmware Simatic S7 1500 Cpu 1518Hf 4 Pn Firmware Simatic S7 1500 Cpu 1518T 4 Pn Dp Firmware Simatic S7 1500 Cpu 1518Tf 4 Pn Dp Firmware Simatic S7 1500 Cpu S7 1518 4 Pn Dp Odk Firmware Simatic S7 1500 Cpu S7 1518F 4 Pn Dp Odk Firmware Simatic S7 1500 Et 200Pro Simatic S7 1500 Software Controller Firmware Simatic S7 Plcsim Advanced Firmware Siplus Et 200Sp Cpu 1510Sp F 1 Pn Firmware Siplus Et 200Sp Cpu 1510Sp F 1 Pn Rail Firmware Siplus Et 200Sp Cpu 1510Sp 1 Pn Firmware Siplus Et 200Sp Cpu 1510Sp 1 Pn Rail Firmware Siplus Et 200Sp 1512Sp F 1 Pn Firmware Siplus Et 200Sp Cpu 1512Sp F 1 Pn Rail Firmware Siplus Et 200Sp Cpu 1512Sp 1 Pn Firmware Siplus Et 200Sp Cpu 1512Sp 1 Pn Rail Firmware Siplus S7 1500 Cpu 1511 1 Pn Firmware Siplus S7 1500 Cpu 1511 1 Pn T1 Rail Firmware Siplus S7 1500 Cpu 1511 1 Pn Tx Rail Firmware Siplus S7 1500 Cpu 1511F 1 Pn Firmware Siplus S7 1500 Cpu 1513 1 Pn Firmware Siplus S7 1500 Cpu 1513F 1 Pn Firmware Siplus S7 1500 Cpu 1515F 2 Pn Firmware Siplus S7 1500 Cpu 1515F 2 Pn Rail Firmware Siplus S7 1500 Cpu 1515F 2 Pn T2 Rail Firmware Siplus S7 1500 Cpu 1515R 2 Pn Firmware Siplus S7 1500 Cpu 1515R 2 Pn Tx Rail Firmware Siplus S7 1500 Cpu 1516 3 Pn Dp Firmware Siplus S7 1500 Cpu 1516 3 Pn Dp Tx Rail Firmware Siplus S7 1500 Cpu 1516F 3 Pn Dp Firmware Siplus S7 1500 Cpu 1516F 3 Pn Dp Rail Firmware Siplus S7 1500 Cpu 1517H 3 Pn Firmware Siplus S7 1500 Cpu 1518 4 Pn Dp Firmware Siplus S7 1500 Cpu 1518 4 Pn Dp Mfp Firmware Siplus S7 1500 Cpu 1518F 4 Pn Dp Firmware Siplus S7 1500 Cpu 1518Hf 4 Pn Firmware Sinumerik Mc Firmware Sinumerik One Firmware
7.5
CVSS 3.1 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 12, 2023 - 12:15 cve.org
HIGH 7.5

DescriptionCVE.org

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

AnalysisAI

Affected devices improperly handle specially crafted packets sent to port 102/tcp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. Affected products include: Siemens Simatic Drive Controller Cpu 1504D Tf Firmware, Siemens Simatic Drive Controller Cpu 1507D Tf Firmware, Siemens Simatic Et 200Sp Open Control 1515Sp Pc2 Firmware, Siemens Simatic S7-1500 Cpu 1510Sp F-1 Pn Firmware, Siemens Simatic S7-1500 Cpu 1510Sp-1 Pn Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

Share

CVE-2023-46156 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy