CVE-2023-32735
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-32735 is a newly identified vulnerability affecting several Siemens automation software products, including SIMATIC STEP 7 Safety, SIMATIC WinCC, SIMOTION SCOUT TIA, SINAMICS Startdrive, and SIRIUS Safety ES. The issue lies in improper handling of the .NET BinaryFormatter when the applications deserialize hardware configuration profiles. The resulting flaw, a type confusion, can enable an attacker to execute arbitrary code within the affected application. The issue is of the same kind as that covered by CA2300, the Microsoft code analysis security rule on .NET BinaryFormatter deserialization risks. Affected versions include those prior to V16 Update 7 for the SIMATIC STEP 7 Safety series and V17 Update 7 for the SIMATIC WinCC Unified series, along with various other updates for the other software listed in the CVE description.