CVE-2023-32735

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 9, 2024

CWE ID 502

Summary

CVE-2023-32735 is a newly identified vulnerability affecting various Siemens automation software versions, including SIMATIC STEP 7 Safety, SIMATIC WinCC, SIMOTION SCOUT TIA, SINAMICS Startdrive, and SIRIUS Safety ES. The issue lies in the .NET BinaryFormatter's improper handling of deserializing hardware configuration profiles. This flaw, known as Type Confusion, can enable attackers to execute arbitrary code within the affected applications. This vulnerability is similar to CA2300, a Microsoft Code Analysis security guideline for .NET BinaryFormatter deserialization risks. Affected software versions include those prior to V16 Update 7 for SIMATIC STEP 7 Safety series, V17 Update 7 for SIMATIC WinCC Unified series, and various other updates for other software listed in the CVE description.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-32735 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database