CVE-2023-36521

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_mv540_h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv540_h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_mv540_s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv540_s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_mv550_h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv550_h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_mv550_s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv550_s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_mv560_u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv560_u:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_mv560_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv560_x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf - Vendor Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6

19 Jul 2023, 15:21

Type	Values Removed	Values Added
First Time		Siemens simatic Mv540 H Siemens Siemens simatic Mv540 H Firmware Siemens simatic Mv550 S Firmware Siemens simatic Mv550 H Firmware Siemens simatic Mv540 S Siemens simatic Mv560 U Firmware Siemens simatic Mv560 X Siemens simatic Mv560 X Firmware Siemens simatic Mv560 U Siemens simatic Mv550 H Siemens simatic Mv550 S Siemens simatic Mv540 S Firmware
References	~~(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf -~~	(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:o:siemens:simatic_mv540_s_firmware:::::::: cpe:2.3:o:siemens:simatic_mv560_u_firmware:::::::: cpe:2.3:h:siemens:simatic_mv540_h:-:::::::* cpe:2.3:o:siemens:simatic_mv540_h_firmware:::::::: cpe:2.3:h:siemens:simatic_mv560_x:-:::::::* cpe:2.3:h:siemens:simatic_mv550_s:-:::::::* cpe:2.3:h:siemens:simatic_mv550_h:-:::::::* cpe:2.3:o:siemens:simatic_mv550_h_firmware:::::::: cpe:2.3:h:siemens:simatic_mv560_u:-:::::::* cpe:2.3:o:siemens:simatic_mv550_s_firmware:::::::: cpe:2.3:o:siemens:simatic_mv560_x_firmware:::::::: cpe:2.3:h:siemens:simatic_mv540_s:-:::::::*
CWE		CWE-770

11 Jul 2023, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-11 10:15

Updated : 2024-11-21 08:09

NVD link : CVE-2023-36521

Mitre link : CVE-2023-36521

CVE.ORG link : CVE-2023-36521

JSON object : View

Products Affected

siemens

simatic_mv550_h
simatic_mv540_h
simatic_mv550_h_firmware
simatic_mv560_x_firmware
simatic_mv540_h_firmware
simatic_mv540_s_firmware
simatic_mv560_u_firmware
simatic_mv540_s
simatic_mv560_u
simatic_mv550_s_firmware
simatic_mv560_x
simatic_mv550_s

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

8.6 /10