Skip to main content

CSA will never ask you to transfer money or disclose banking details. Stay vigilant.

If unsure, call the 24/7 ScamShield Helpline at 1799 to check. www.scamshield.gov.sg

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Siemens Products
Alerts

Critical Vulnerabilities in Siemens Products

17 January 2024

Siemens has released security updates addressing critical vulnerabilities (CVE-2023-51438 and CVE-2023-49621) in their SIMATIC IPC and SIMATIC NC 4100 products. The vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10 and 9.8 out of 10, respectively.

The critical vulnerabilities are:

  • CVE-2023-51438: An improper input validation vulnerability could allow an attacker to gain unauthorised access to vulnerable devices or systems.

  • CVE-2023-49621: An improper management of default admin credentials could allow a remote attacker to gain unauthorised root access or perform denial-of-service (DoS) attacks.

The critical vulnerabilities affect the following products:

  • CVE-2023-51438: maxViewStorageManager versions before 4.14.00.26068

  • CVE-2023-49621: SIMATIC CN 4100 versions before 2.7

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2023-51438

https://nvd.nist.gov/vuln/detail/CVE-2023-49621

https://cert-portal.siemens.com/productcert/html/ssa-702935.html

https://cert-portal.siemens.com/productcert/html/ssa-777015.html

Back to top