CVE-2023-36521

Description

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Physical

Changed

Affected products

Siemens / SIMATIC MV540 HAll versions < V3.3.4 – All versions < V3.3.4
Siemens / SIMATIC MV540 SAll versions < V3.3.4 – All versions < V3.3.4
Siemens / SIMATIC MV550 HAll versions < V3.3.4 – All versions < V3.3.4
Siemens / SIMATIC MV550 SAll versions < V3.3.4 – All versions < V3.3.4
Siemens / SIMATIC MV560 UAll versions < V3.3.4 – All versions < V3.3.4
Siemens / SIMATIC MV560 XAll versions < V3.3.4 – All versions < V3.3.4

References

MISChttps://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf