8.6

CVE-2023-36521

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a
vulnerability that may lead to a denial of service condition. An attacker may
cause a denial of service situation of all socket-based communication of the
affected products if the result server is enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensSimatic Mv540 H Firmware Version < 3.3.4
   SiemensSimatic Mv540 H Version-
SiemensSimatic Mv540 S Firmware Version < 3.3.4
   SiemensSimatic Mv540 S Version-
SiemensSimatic Mv550 H Firmware Version < 3.3.4
   SiemensSimatic Mv550 H Version-
SiemensSimatic Mv550 S Firmware Version < 3.3.4
   SiemensSimatic Mv550 S Version-
SiemensSimatic Mv560 U Firmware Version < 3.3.4
   SiemensSimatic Mv560 U Version-
SiemensSimatic Mv560 X Firmware Version < 3.3.4
   SiemensSimatic Mv560 X Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.402
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
productcert@siemens.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf
Vendor Advisory