CVE-2023-35921

Summary

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC MV540 HAll versions < V3.3.4affected
SiemensSIMATIC MV540 SAll versions < V3.3.4affected
SiemensSIMATIC MV550 HAll versions < V3.3.4affected
SiemensSIMATIC MV550 SAll versions < V3.3.4affected
SiemensSIMATIC MV560 UAll versions < V3.3.4affected
SiemensSIMATIC MV560 XAll versions < V3.3.4affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References