Critical Vulnerabilities in Siemens Products
17 January 2024
Siemens has released security updates addressing critical vulnerabilities (CVE-2023-51438 and CVE-2023-49621) in their SIMATIC IPC and SIMATIC CN 4100 products. The vulnerabilities have Common Vulnerability Scoring System (CVSS) scores of 10 and 9.8 out of 10, respectively.
The critical vulnerabilities are:
- CVE-2023-51438: An improper input validation vulnerability could allow an attacker to gain unauthorised access to vulnerable devices or systems.
- CVE-2023-49621: Improper management of default admin credentials could allow a remote attacker to gain unauthorised root access or perform denial-of-service (DoS) attacks.
The critical vulnerabilities affect the following products:
- CVE-2023-51438: maxViewStorageManager versions before 4.14.00.26068
- CVE-2023-49621: SIMATIC CN 4100 versions before 2.7
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2023-51438
https://nvd.nist.gov/vuln/detail/CVE-2023-49621
https://cert-portal.siemens.com/productcert/html/ssa-702935.html
https://cert-portal.siemens.com/productcert/html/ssa-777015.html