CVE-2023-36521

Summary

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC MV540 HAll versions < V3.3.4affected
SiemensSIMATIC MV540 SAll versions < V3.3.4affected
SiemensSIMATIC MV550 HAll versions < V3.3.4affected
SiemensSIMATIC MV550 SAll versions < V3.3.4affected
SiemensSIMATIC MV560 UAll versions < V3.3.4affected
SiemensSIMATIC MV560 XAll versions < V3.3.4affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References