CVE-2023-37195

Published: Oct 10, 2023Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.

Affected (5)

Products: Siemens: Simatic Cp 1604 Firmware, Simatic Cp 1616 Firmware, Simatic Cp 1623 Firmware, Simatic Cp 1626 Firmware, Simatic Cp 1628 Firmware

Siemens

5 products

Simatic Cp 1604 Firmware

Simatic Cp 1616 Firmware

Simatic Cp 1623 Firmware

Simatic Cp 1626 Firmware

Simatic Cp 1628 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1604 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1604	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1616 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1616	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1623 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1623	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1626 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1626	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1628 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1628	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.