CVE-2023-36521 - Vulnerability Details

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Siemens	Simatic Mv540 H Simatic Mv540 H Firmware Simatic Mv540 S Simatic Mv540 S Firmware Simatic Mv550 H Simatic Mv550 H Firmware Simatic Mv550 S Simatic Mv550 S Firmware Simatic Mv560 U Simatic Mv560 U Firmware Simatic Mv560 X Simatic Mv560 X Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:simatic_mv540_h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:simatic_mv540_s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_mv550_h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_mv550_s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_mv560_u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_mv560_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf

History

Thu, 21 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-07-11T09:07:13.637Z

Updated: 2024-11-21T14:09:57.839Z

Reserved: 2023-06-22T12:37:24.976Z

Link: CVE-2023-36521

Vulnrichment

Updated: 2024-08-02T16:52:52.404Z

NVD

Status : Modified

Published: 2023-07-11T10:15:10.897

Modified: 2024-11-21T08:09:52.053

Link: CVE-2023-36521

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object