7.5
CVE-2023-35920
- EPSS 0.73%
- Published 11.07.2023 10:15:10
- Last modified 21.11.2024 08:08:58
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Simatic Mv540 H Firmware Version < 3.3.4
Siemens ≫ Simatic Mv540 S Firmware Version < 3.3.4
Siemens ≫ Simatic Mv550 H Firmware Version < 3.3.4
Siemens ≫ Simatic Mv550 S Firmware Version < 3.3.4
Siemens ≫ Simatic Mv560 U Firmware Version < 3.3.4
Siemens ≫ Simatic Mv560 X Firmware Version < 3.3.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.714 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| productcert@siemens.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.