THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-32737

Assignersiemens
Reserved2023-05-12
Published2024-07-09
Updated2024-07-09

Description

A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.



MEDIUM: 6.3CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
HIGH: 7.0CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

Default status
unknown

Any version before V18 Update 2
affected

References

https://cert-portal.siemens.com/productcert/html/ssa-313039.html

cve.org CVE-2023-32737

nvd.nist.gov CVE-2023-32737

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-32737
© Copyright 2024 THREATINT. Made in Cyprus with +