CVE-2023-28829

Description

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf	patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-28829?: CVE-2023-28829 has been scored as a low severity vulnerability.
How to fix CVE-2023-28829?: To fix CVE-2023-28829, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-28829 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-28829 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-28829?: CVE-2023-28829 affects Siemens SIMATIC NET PC Software V14, Siemens SIMATIC NET PC Software V15, Siemens SIMATIC PCS 7 V8.2, Siemens SIMATIC PCS 7 V9.0, Siemens SIMATIC PCS 7 V9.1, Siemens SIMATIC WinCC, Siemens SINAUT Software ST7sc.

Description

Category

CWE-477 – Use of Obsolete Function

References

Frequently Asked Questions