SSA-264814 PUBLISHED CVSS 5.9 MEDIUM

Several SIMATIC products are affected by a timing-based side-channel vulnerability in OpenSSL RSA decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available.

Risk Scores

CVSS v3.1
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

Affected Products

Vendor / Product / Versions
SIMATIC PDM V9.2
SIMATIC PDM V9.1
SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0)
SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00)
SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0)
SIMATIC Process Historian 2022 OPC UA Server
SIMATIC Logon V1.6
SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0)
SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0)
SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0)
SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0)
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0)
SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0)
SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00)
SIMATIC Process Historian 2020 OPC UA Server
SIMATIC Process Historian 2019 OPC UA Server
