Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Sep 19, 2024

CVE-2023-37194

Description

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.

Affected products

Siemens Foundation/Cp 1604 Firmwarecpe-rescue
Range: All versions
Siemens Foundation/Cp 1616 Firmwarecpe-rescue
Range: All versions
Siemens/SIMATIC CP 1623v5
Range: All versions
Siemens Foundation/Simatic Cp 1626 Firmwarecpe-rescue
Range: All versions
Siemens/SIMATIC CP 1628v5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-784849.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000