CVE-2023-52891

MEDIUM5.3

Description

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Siemens / SIMATIC Energy Manager Basic0 – V7.5
Siemens / SIMATIC Energy Manager PRO0 – V7.5
Siemens / SIMATIC IPC DiagBase0 – *
Siemens / SIMATIC IPC DiagMonitor0 – *
Siemens / SIMIT V100 – *
Siemens / SIMIT V110 – V11.1

References

MISChttps://cert-portal.siemens.com/productcert/html/ssa-088132.html