Full Report
Several industrial products contain an out-of-bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to a denial-of-service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Out of Bounds Read in Siemens Industrial Products
## CVE Details
- **CVE ID:** CVE-2023-46280
- **CVSS Score:** 6.5 (Medium) via CVSS v3.1 / 8.2 (High) via CVSS v4.0
- **CWE:** CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:**
  - Security Configuration Tool (SCT)
  - SIMATIC Automation Tool
  - SIMATIC BATCH (V9.1)
  - SIMATIC NET PC Software (V16, V17, V18, V19)
  - SIMATIC PCS 7 (V9.1)
  - SIMATIC PDM (V9.2)
  - SIMATIC Route Control (V9.1)
  - SIMATIC S7-PCT
  - SIMATIC STEP 7 V5
  - SIMATIC WinCC (V7.5, V8.0)
  - SIMATIC WinCC Runtime (Advanced, Professional V16-V19)
  - SINUMERIK PLC Programming Tool
  - TIA Portal (V17, V18)
- **Versions:** Multiple versions prior to late 2024 updates (see Remediation for specific versions).
- **Configurations:** Systems running affected Siemens software on Windows-based operating systems.
## Vulnerability Description
Affected Siemens industrial applications contain an out-of-bounds read flaw. Because these applications interact closely with system drivers or kernel-level components, a specially crafted input can trigger a read operation beyond the intended memory buffer. The resulting invalid read crashes the underlying Windows kernel with a Blue Screen of Death (BSOD).
## Exploitation
- **Status:** Proof of Concept (PoC) available
- **Complexity:** Low
- **Attack Vector:** Local (Requires local access to the system to trigger the flaw)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Results in total denial of service via system crash)
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **SIMATIC Automation Tool:** V5.0 SP2
- **SIMATIC BATCH V9.1:** V9.1 SP2 Upd5
- **SIMATIC NET PC Software:** V16 Update 8, V18 SP1, or V19 Update 2
- **SIMATIC PCS 7 V9.1:** V9.1 SP2 UC05
- **SIMATIC PDM V9.2:** V9.2 SP2 Upd3
- **SIMATIC Route Control V9.1:** V9.1 SP2 Upd3
- **SIMATIC S7-PCT:** V3.5 SP3 Update 6
- **SIMATIC STEP 7 V5:** V5.7 SP3
- **TIA Portal V18:** V18 Update 4
*Note: For SCT and SIMATIC NET PC Software V17, no fix is currently planned or available.*
### Workarounds
- Restrict physical and interactive access to affected workstations to authorized personnel only.
- Apply the principle of least privilege to local users.
## Detection
- **Indicators of Compromise:** Unexpected system reboots or Blue Screen of Death (BSOD) events associated with the execution of Siemens industrial software.
- **Detection methods and tools:** Monitor Windows Event Logs for BugCheck codes and system crashes. Use endpoint protection tools to monitor for unusual memory access patterns by the affected Siemens processes.
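
One way to do the Event Log monitoring described above, as an added example that is not part of the Siemens advisory. It relies on the standard Windows bugcheck record (Event ID 1001 from `Microsoft-Windows-WER-SystemErrorReporting` in the System log); the look-back window, the repeat threshold and the sample message are assumptions constructed for illustration.

```powershell
# Added example (not from the Siemens advisory): summarize Windows bugcheck events.
# After a BSOD, Windows logs Event ID 1001 from provider
# Microsoft-Windows-WER-SystemErrorReporting in the System log on the next boot.
param(
    [int]$Days = 30,           # look-back window (assumption)
    [int]$RepeatThreshold = 2  # same stop code this often on one host is worth a review (assumption)
)

$BugCheckPattern = 'The bugcheck was: (?<code>0x[0-9a-fA-F]+) \((?<args>[^)]*)\)'

function ConvertFrom-BugCheckMessage {
    param([string]$Message, [datetime]$Time, [string]$Computer)
    if ($Message -match $BugCheckPattern) {
        [pscustomobject]@{
            Time      = $Time
            Computer  = $Computer
            StopCode  = $Matches['code'].ToLower()
            Arguments = $Matches['args']
        }
    }
}

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
    StartTime    = (Get-Date).AddDays(-$Days)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    # No live events: parse one constructed message so the output shape is visible.
    # Stop code and arguments are constructed, not taken from the advisory.
    $sample = 'The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 ' +
              '(0x0000000000000001, 0x0000000000000002, 0x0000000000000003, 0x0000000000000004). ' +
              'A dump was saved in: C:\Windows\MEMORY.DMP.'
    $crashes = @(ConvertFrom-BugCheckMessage -Message $sample -Time (Get-Date) -Computer $env:COMPUTERNAME)
} else {
    $crashes = @($events | ForEach-Object {
        ConvertFrom-BugCheckMessage -Message $_.Message -Time $_.TimeCreated -Computer $_.MachineName
    })
}

# Per-crash detail, then stop codes that repeat on the same host within the window.
$crashes | Sort-Object Time | Format-Table -AutoSize
$crashes | Group-Object Computer, StopCode |
    Where-Object Count -ge $RepeatThreshold |
    Format-Table Count, Name -AutoSize
```

Compare the crash times it reports with when the affected Siemens software was running on that workstation; a stop code that repeats on one host is the pattern to escalate.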
## References
- **Vendor Advisory:** [https://cert-portal.siemens.com/productcert/html/ssa-962515.html](https://cert-portal.siemens.com/productcert/html/ssa-962515.html)
- **Siemens ProductCERT:** [https://www.siemens.com/cert/advisories](https://www.siemens.com/cert/advisories)
- **Support Links:**
  - [https://support.industry.siemens.com/cs/ww/en/view/98161300/](https://support.industry.siemens.com/cs/ww/en/view/98161300/)
  - [https://support.industry.siemens.com/cs/ww/en/view/109812242/](https://support.industry.siemens.com/cs/ww/en/view/109812242/)