CVE-2023-4911

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-based Buffer Overflow, Incorrect Provision of Specified Functionality, Out-of-bounds Write, Incorrect Calculation of Buffer Size, Heap-based Buffer Overflow, External Control of File Name or Path, Uncontrolled Resource Consumption, Improper Input Validation, Truncation of Security-relevant Information, Missing Critical Step in Authentication, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Access of Resource Using Incompatible Type ('Type Confusion'), Signal Handler Race Condition, Inefficient Algorithmic Complexity, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Reachable Assertion, Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Integer Overflow or Wraparound, Improper Locking, Improper Validation of Array Index, Buffer Underwrite ('Buffer Underflow'), Use of Uninitialized Resource, Detection of Error Condition Without Action, Premature Release of Resource During Expected Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to affect the confidentiality, integrity, or availability of affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0): V3.1.5 and...