CVE-2023-32736

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 12, 2024

CWE ID 502

Summary

CVE-2023-32736 is a vulnerability that affects multiple Siemens automation software products, including SIMATIC S7-PLCSIM, STEP 7 Safety, WinCC, SIMOCODE ES, SIMOTION SCOUT TIA, and TIA Portal Cloud. The issue lies in the improper input sanitization when parsing user settings. An attacker can exploit this type confusion vulnerability to execute arbitrary code within the affected application. Products with versions prior to V16 Update 8, V17 Update 8, V18 Update 5, and V4.6.0.1 for TIA Portal Cloud are vulnerable. Users are advised to upgrade to the latest secure versions as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0dvQxq
https://www.cve.org/CVERecord?id=CVE-2023-32736
https://nvd.nist.gov/vuln/detail/CVE-2023-32736

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners

CVE-2023-32736

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations