Podatność CVE-2023-38380
Publikacja: 2023-12-12   Modyfikacja: 2023-12-14

Opis:
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.

An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

Typ:

CWE-401

 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))

 Referencje:
https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf
Copyright 2024, cxsecurity.com

 

Back to Top