SSA-088132 — Vulnetix

SSA-088132 PUBLISHED CVSS 5.300000190734863 MEDIUM

Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Siemens	SIMIT V10
Siemens	SIMATIC Energy Manager PRO
Siemens	SIMATIC Energy Manager Basic
Siemens	SIMATIC IPC DiagMonitor
Siemens	SIMATIC IPC DiagBase
Siemens	SIMIT V11

Timeline

Jul 9, 2024 CVE Published
Sep 10, 2024 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-088132.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-088132.html advisory
https://support.industry.siemens.com/cs/ww/en/view/109820441/ patch
https://support.industry.siemens.com/cs/ww/en/view/109827289/ patch

Open in Interactive Console →