CVE-2023-37195

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37195
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*
History

16 Oct 2023, 18:31

Type Values Removed Values Added
CPE cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*
First Time Siemens simatic Cp 1616
Siemens simatic Cp 1604
Siemens simatic Cp 1626
Siemens simatic Cp 1628 Firmware
Siemens simatic Cp 1623
Siemens simatic Cp 1626 Firmware
Siemens simatic Cp 1623 Firmware
Siemens simatic Cp 1628
Siemens
Siemens simatic Cp 1604 Firmware
Siemens simatic Cp 1616 Firmware
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf - Vendor Advisory

10 Oct 2023, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-10 11:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-37195

Mitre link : CVE-2023-37195

CVE.ORG link : CVE-2023-37195

JSON object : View

Products Affected

siemens

  • simatic_cp_1626_firmware
  • simatic_cp_1628
  • simatic_cp_1626
  • simatic_cp_1623_firmware
  • simatic_cp_1616_firmware
  • simatic_cp_1616
  • simatic_cp_1623
  • simatic_cp_1604_firmware
  • simatic_cp_1604
  • simatic_cp_1628_firmware
CWE
CWE-400

Uncontrolled Resource Consumption