CVE-2023-51440

Summary

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC CP 343-1All versionsaffected
SiemensSIMATIC CP 343-1 LeanAll versionsaffected
SiemensSIPLUS NET CP 343-1All versionsaffected
SiemensSIPLUS NET CP 343-1 LeanAll versionsaffected

Weaknesses

  • CWE-940: CWE-940: Improper Verification of Source of a Communication Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References