CVE-2023-32736

Published Nov 12, 2024

Last updated 5 days ago

CVSS high 7.0

Overview

Description
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
Source
productcert@siemens.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.3
Impact score
5.9
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

productcert@siemens.com
CWE-502

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2023-32736 (CVSS:7.3, HIGH) is Awaiting Analysis. A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMAT..https://t.co/vvFOQp7cJF #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    17 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2023-32736 (Published: 2024-11-12) affects Siemens products. Vulnerable versions are at risk! 🛡️ Ensure your systems are secure by applying the latest patches and following remediation guidelines. For detailed info, visit: https://t.co/Zhi2h099qW #CyberSecurity #CVE

    @transilienceai

    13 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2023-32736 (Published: 2024-11-12) affects specific Siemens products. Ensure your systems are updated to the latest versions to mitigate vulnerabilities. For detailed remediation steps, visit: https://t.co/Zhi2h099qW. Stay secure! #CyberSecurity #Siemens

    @transilienceai

    13 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2023-32736 (Published: 2024-11-12) - High severity vulnerability in Siemens products. Affects specific versions. Remediation details can be found here: https://t.co/Zhi2h099qW. Ensure your systems are updated to mitigate risks! #CyberSecurity #Siemens

    @transilienceai

    13 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2023-32736 (Published: 2024-11-12) - High severity vulnerability in Siemens products. Affects specific versions. Remediation details can be found here: [Siemens Security Advisory](https://t.co/Zhi2h099qW). Ensure your systems are updated to mitigate risks! #CyberSecurity

    @transilienceai

    13 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2023-32736 (Published: 2024-11-12) - High severity vulnerability in Siemens products. Affects specific versions. Remediation details available here: [Siemens Security Advisory](https://t.co/Zhi2h099qW). Ensure your systems are updated to mitigate risks! #CyberSecurity… htt

    @transilienceai

    13 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2023-32736 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC S… https://t.co/iHHyGvBn6z

    @CVEnew

    12 Nov 2024

    306 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References