SSA-962515: Out of Bounds Read Vulnerability in Industrial Products

Discussion about security topics in WinCC OA!
Search
Advanced search
Post Reply
2 posts • Page 1 of 1
setschel
Posts: 10
Joined: Thu Oct 14, 2021 12:50 pm

SSA-962515: Out of Bounds Read Vulnerability in Industrial Products

Post by setschel »

Hello,

according to
https://cert-portal.siemens.com/product ... 62515.html
there is a CVE (CVE-2023-46280) which affects all WinCC OA versions 3.17, 3.18 (up to P025) and 3.19 (up to P010).

Vulnerability description according to link above: "This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel".

Is this vulnerability also relevant for the WinCC OA versions 3.17, 3.18 < P025 and 3.19 < P010 running on a linux system?

We are using Oracle Linux 9.3 (WinCC OA V3.19), Oracle Linux 8.7 (WinCC OA V3.18) and CentOS 8 (WinCC OA V3.17).

Kind regards
Top
setschel
Posts: 10
Joined: Thu Oct 14, 2021 12:50 pm

Re: SSA-962515: Out of Bounds Read Vulnerability in Industrial Products

Post by setschel »

We got already an answer via siemens support portal:

"This vulnerability only affects Windows operating system"

Sorry for the inconvenience.

Kind regards
Top
Post Reply
2 posts • Page 1 of 1

Return to “Security”