CVE-2023-46156
high-risk
Published 2023-12-12
Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Simatic Drive Controller Cpu 1504D Tf Firmware
Simatic Drive Controller Cpu 1507D Tf Firmware
Simatic Et 200Sp Open Control 1515Sp Pc2 Firmware
Simatic S7-1500 Cpu 1510Sp F-1 Pn Firmware
Simatic S7-1500 Cpu 1510Sp-1 Pn Firmware
Simatic S7-1500 Cpu 1511-1 Pn Firmware
Simatic S7-1500 Cpu 1511C-1 Pn Firmware
Simatic S7-1500 Cpu 1511F-1 Pn Firmware
Simatic S7-1500 Cpu 1511T-1 Pn Firmware
Simatic S7-1500 Cpu 1511Tf-1 Pn Firmware
Simatic S7-1500 Cpu 1512C-1 Pn Firmware
Simatic S7-1500 Cpu 1512Sp F-1 Pn Firmware
Simatic S7-1500 Cpu 1512Sp-1 Pn Firmware
Simatic S7-1500 Cpu 1513-1 Pn Firmware
Simatic S7-1500 Cpu 1513F-1 Pn Firmware
Simatic S7-1500 Cpu 1513R-1 Pn Firmware
Simatic S7-1500 Cpu 1514Sp F-2 Pn Firmware
Simatic S7-1500 Cpu 1514Sp-2 Pn Firmware
Simatic S7-1500 Cpu 1514Spt F-2 Pn Firmware
Simatic S7-1500 Cpu 1514Spt-2 Pn Firmware
Affected Vendors
References (8)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf
54
/ 100
high-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
28/34 · Critical