← Back

CVE-2023-51440

nvd nist
Published: Feb 13, 2024Modified: Dec 16, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Affected (4)

Siemens
4 products
Simatic Cp 343 1 Firmware
Simatic Cp 343 1 Lean Firmware
Siplus Net Cp 343 1 Firmware
Siplus Net Cp 343 1 Lean Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cp 343 1 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cp 343 1
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cp 343 1 Lean Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cp 343 1 Lean
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Net Cp 343 1 Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus Net Cp 343 1
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Net Cp 343 1 Lean Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus Net Cp 343 1 Lean
All versions

Related CWEs

CWE-940
Improper Verification of Source of a Communication Channel
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

References (2)

Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.