SSA-779936 PUBLISHED CVSS 6.5 MEDIUM

Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available.

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

| Product | Version |
|---|---|
| SIMOCODE ES | V18 |
| SIMATIC STEP 7 | V17 |
| SIMATIC STEP 7 | V16 |
| SIMATIC WinCC | V16 |
| SIMATIC WinCC | V17 |
| SIMOCODE ES | V16 |
| SIMOTION SCOUT TIA | V5.4 SP1 |
| SIMOCODE ES | V17 |
| SIMATIC WinCC | V18 |
| SIMATIC WinCC Unified | V17 |
| SIMATIC STEP 7 | V18 |
| SIMATIC WinCC Unified | V16 |
| SINAMICS Startdrive | V17 |
| SIMATIC STEP 7 Safety | V16 |
| SIMATIC STEP 7 Safety | V18 |
| SIMOTION SCOUT TIA | V5.5 SP1 |
| SIMATIC WinCC Unified | V18 |
| SIMATIC STEP 7 Safety | V17 |
| SIMOTION SCOUT TIA | V5.4 SP3 |
| SINAMICS Startdrive | V16 |

Timeline

  • Jul 9, 2024 CVE Published