Lucene search

PRIOn knowledge basePRION:CVE-2023-36521

HistoryJul 11, 2023 - 10:15 a.m.

Code injection

2023-07-1110:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

simatic mv540

simatic mv550

simatic mv560

denial of service

code injection

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a
vulnerability that may lead to a denial of service condition. An attacker may
cause a denial of service situation of all socket-based communication of the
affected products if the result server is enabled.

CPENameOperatorVersion
simatic_mv540_h_firmwarelt3.3.4
simatic_mv540_s_firmwarelt3.3.4
simatic_mv550_h_firmwarelt3.3.4
simatic_mv550_s_firmwarelt3.3.4
simatic_mv560_u_firmwarelt3.3.4
simatic_mv560_x_firmwarelt3.3.4

Name	Operator	Version
simatic_mv540_h_firmware	lt	3.3.4
simatic_mv540_s_firmware	lt	3.3.4
simatic_mv550_h_firmware	lt	3.3.4
simatic_mv550_s_firmware	lt	3.3.4
simatic_mv560_u_firmware	lt	3.3.4
simatic_mv560_x_firmware	lt	3.3.4

References

cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf