CVE-2023-32735
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-32735 is a newly identified vulnerability affecting various Siemens automation software versions, including SIMATIC STEP 7 Safety, SIMATIC WinCC, SIMOTION SCOUT TIA, SINAMICS Startdrive, and SIRIUS Safety ES. The issue lies in the .NET BinaryFormatter's improper handling of deserializing hardware configuration profiles. This flaw, known as Type Confusion, can enable attackers to execute arbitrary code within the affected applications. This vulnerability is similar to CA2300, a Microsoft Code Analysis security guideline for .NET BinaryFormatter deserialization risks. Affected software versions include those prior to V16 Update 7 for SIMATIC STEP 7 Safety series, V17 Update 7 for SIMATIC WinCC Unified series, and various other updates for other software listed in the CVE description.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.