CVE-2023-30756

Description

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference. This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

Category

8.2
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.17%
Affected: Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)
Affected: Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants)
Affected: Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)
Affected: Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)
Affected: Siemens SIMATIC CP 1243-7 LTE
Affected: Siemens SIMATIC CP 1243-8 IRC
Affected: Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants)
Affected: Siemens SIMATIC IPC DiagBase
Affected: Siemens SIMATIC IPC DiagMonitor
Affected: Siemens SIMATIC WinCC Runtime Advanced
Affected: Siemens SIPLUS TIM 1531 IRC
Affected: Siemens TIM 1531 IRC
Published at:
Updated at:

References

Link Tags
https://cert-portal.siemens.com/productcert/html/ssa-423808.html

Frequently Asked Questions

What is the severity of CVE-2023-30756?
CVE-2023-30756 has been scored as a high severity vulnerability.
How to fix CVE-2023-30756?
To fix CVE-2023-30756, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-30756 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-30756 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-30756?
CVE-2023-30756 affects Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants), Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants), Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants), Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants), Siemens SIMATIC CP 1243-7 LTE, Siemens SIMATIC CP 1243-8 IRC, Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants), Siemens SIMATIC IPC DiagBase, Siemens SIMATIC IPC DiagMonitor, Siemens SIMATIC WinCC Runtime Advanced, Siemens SIPLUS TIM 1531 IRC, Siemens TIM 1531 IRC.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.