Vulnerabilities > CVE-2023-28829 - Unspecified vulnerability in Siemens products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

NVD

Published: 2023-06-13

Updated: 2023-07-05

Summary

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS 7 9.0 Siemens Simatic PCS 7 9.1 Siemens Simatic PCS 7 8.2 Siemens Simatic NET PC Software 15.0 Siemens Simatic NET PC Software 14.0 Siemens Simatic Wincc - Siemens Simatic Wincc 6.2 Siemens Simatic Wincc 7.0 Siemens Simatic Wincc 7.1 Siemens Simatic Wincc 7.2 Siemens Simatic Wincc 7.3 Siemens Simatic Wincc 7.4 Siemens Simatic Wincc 7.5 Siemens Simatic Wincc 7.5.1 Siemens Sinaut St7Sc *	60

References

https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf