U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2023-38380

Change History

New CVE Received from Siemens AG 12/12/2023 7:15:11 AM

Action Type Old Value New Value
Added Description

								
							
							
						
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.

An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
Added CVSS V3.1

								
							
							
						
Siemens AG AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE

								
							
							
						
Siemens AG CWE-401
Added Reference

								
							
							
						
Siemens AG https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf [No types assigned]