CVE-2023-30755
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Summary
CVE-2023-30755 is a vulnerability affecting multiple Siemens products, including SIMATIC CP 1242-7 V2 and its SIPLUS variants, as well as various versions of SIMATIC CP 1243-1 and HMI Comfort Panels, among others (all versions < V3.5.20). The vulnerability arises from the web server's improper handling of shutdown or reboot requests, which could allow a remote attacker with elevated privileges to cause a denial of service by disrupting resource management. It is rated medium severity with a CVSS base score of 4.4; exploitation requires high privileges and no user interaction. Remediation is to upgrade affected devices to V3.5.20 or later for the CPs and V2.4.8 or later for the TIM variants. Organizations using these devices may face significant availability impacts if an attack were to occur, which makes timely updates and security measures important.